Releases: blundergoat/gruff-go
Releases · blundergoat/gruff-go
v0.4.0
gruff-go v0.4.0
Install (pinned):
go install github.com/blundergoat/gruff-go/cmd/gruff-go@v0.4.0Or pin per project as a dev tool (Go 1.24+):
go get -tool github.com/blundergoat/gruff-go/cmd/gruff-go@v0.4.0
go tool gruff-go analyse .See CHANGELOG.md for the full notes.
Changelog
Features
- 1de16dc: feat: enhance analysis context handling; include support for reporting all skipped inputs (@mattyhansen)
- 6e85101: feat: enhance package comment analysis to ensure findings are anchored to reportable files (@mattyhansen)
- 3b8411f: feat: enhance sensitive-data rule precision for non-Go config files; skip comment-only lines and known placeholders (@mattyhansen)
- d96bb68: feat: enhance sensitive-data rule to flag secrets containing placeholder substrings; update changelog and add tests (@mattyhansen)
- a3a4f59: feat: update @blundergoat/goat-flow to version 1.11.0 in package-lock.json (@mattyhansen)
- 38a93fe: feat: update changelog for v0.4.0 precision release; clarify generated-file handling, sensitive-data false positives, test-quality precision, and SQL detection improvements (@mattyhansen)
- 27b98fb: feat: update goat-flow reference version to 1.11.0 across documentation and configuration files (@mattyhansen)
- 2448755: feat: update last reviewed dates in calibration, rules, and setup documentation (@mattyhansen)
- 6aa12e8: feat: update tool version to 0.4.0 and enhance context-only parse diagnostics (@mattyhansen)
- 38743ef: feat: update version to 0.4.0 and enhance changelog with precision release details (@mattyhansen)
Full changelog: v0.3.0...v0.4.0
Contributors
mattyhansen
Assets 9
v0.3.0
gruff-go v0.3.0
Install (pinned):
go install github.com/blundergoat/gruff-go/cmd/gruff-go@v0.3.0Or pin per project as a dev tool (Go 1.24+):
go get -tool github.com/blundergoat/gruff-go/cmd/gruff-go@v0.3.0
go tool gruff-go analyse .See CHANGELOG.md for the full notes.
Changelog
Features
- 606abb3: feat: add build script for gruff-go CLI compilation (@mattyhansen)
- 0fd8370: feat: add candidate rules for unused private symbols (const, type, var) with parser-only checks (@mattyhansen)
- f886abe: feat: add code comments and guidelines for documentation practices across multiple languages (@mattyhansen)
- 3fdc604: feat: add documentation for build artifacts and hook footguns with detailed guidance (@mattyhansen)
- 2d731e0: feat: add family launcher
bin/gruff-go.shfor CLI execution and automatic rebuilding (@mattyhansen) - 8e78fef: feat: add new opt-in sensitive-data rules for high-entropy strings, PII, and PHI patterns with configurable thresholds (@mattyhansen)
- a5e334d: feat: add new parser-only rules for Go-module dependency posture and GitHub Actions workflows, enhancing security checks (@mattyhansen)
- dd9f694: feat: add new security rules for sensitive data logging and improve changelog details (@mattyhansen)
- 3db53d1: feat: add seven new parser-only security rules for request-controlled values, enhancing application security (@mattyhansen)
- eeea88f: feat: calibrate gruff rules, scoring, docs, and preflight release checks (@mattyhansen)
- da3d583: feat: codify mission and enhance agent hook contract; implement diff-aware analysis and authoritative path ignoring (@mattyhansen)
- 08ef6dc: feat: enhance baseline generation validation and improve local replace path handling (@mattyhansen)
- 7585df6: feat: enhance build artifact management by ignoring bin/gruff-go and updating related documentation (@mattyhansen)
- d1de2a8: feat: enhance changelog with new release details, sensitive-data rules, and breaking changes (@mattyhansen)
- df8340a: feat: enhance security analysis by fixing false positives and improving baseline handling (@mattyhansen)
- faf1c30: feat: enhance security rules and CLI argument handling for improved precision (@mattyhansen)
- 250051f: feat: enhance security rules to improve detection of unpinned GitHub Actions and path traversal vulnerabilities (@mattyhansen)
- 78158e5: feat: implement agent hook contract v1 with JSON output for new-only findings and capabilities (@mattyhansen)
- a2cbe53: feat: implement native changed-region support in analyse command with new flags and JSON output (@mattyhansen)
- db10792: feat: unify analysis JSON schema to gruff.analysis.v2 across all output formats (@mattyhansen)
- 63bd8d8: feat: unify text output format and introduce static-analysis-redundant test candidate rule (@mattyhansen)
- 09b6db8: feat: update .gitignore to include root build artifact for gruff-go (@mattyhansen)
- 14a31f8: feat: update changelog for toolchain security bump and enhance adversarial test coverage (@mattyhansen)
- b66aa36: feat: update documentation to reflect automated release publishing and versioning changes (@mattyhansen)
- 9d5edbf: feat: update goat-flow reference version to 1.9.1 across documentation and configuration files (@mattyhansen)
- 4a29fac: feat: update goat-flow reference version to 1.9.1 across various documentation and configuration files (@mattyhansen)
Bug fixes
- 12dc602: fix: enhance diff analysis to maintain full project context and improve security rule precision (@mattyhansen)
Other
- 455adab: refactor: remove god-function composite rule and update related tests and scoring logic (@mattyhansen)
- 2f72c67: refactor: reorganize documentation structure and update version references to 1.10.1 (@mattyhansen)
- 9a3bcf6: refactor: reorganize documentation structure and update version references to 1.10.1 (@mattyhansen)
- c673c79: refactor: update comments in golden_test.go for clarity on compositeConfig behavior (@mattyhansen)
Full changelog: v0.2.0...v0.3.0
Contributors
mattyhansen
Assets 9
v0.2.0
gruff-go v0.2.0
Install (pinned):
go install github.com/blundergoat/gruff-go/cmd/gruff-go@v0.2.0Or pin per project as a dev tool (Go 1.24+):
go get -tool github.com/blundergoat/gruff-go/cmd/gruff-go@v0.2.0
go tool gruff-go analyse .See CHANGELOG.md for the full notes.
Changelog
Features
- e829fb1: feat: add per-command minimumSeverity config with precedence, implement ADR-010 (@mattyhansen)
- 75bad51: feat: introduce FailThreshold type for exit code gating, replace Severity in CLI and report logic (@mattyhansen)
- ca0e494: feat: migrate severity model from 5 buckets to 3, update related configurations and documentation (@mattyhansen)
- 4c81519: feat: update CHANGELOG and documentation to reflect severity model migration from 5 buckets to 3, address stale references in user-facing docs (@mattyhansen)
- c6364e8: feat: update severity levels across multiple rules to align with new 3-bucket model (@mattyhansen)
- 5e68b0e: feat: update severity model to 3-bucket system, adjust documentation and configuration references (@mattyhansen)
Bug fixes
- 2ef84aa: fix: include expected schemaVersion and remediation command in config/baseline (@mattyhansen)
- 2e96bd4: fix: update default thresholds and escape characters in rules documentation; enhance release gate checks (@mattyhansen)
Other
- 23bd216: add error handling pattern (@mattyhansen)
- 7a154bd: refactor: centralize min-severity flag detection and validation in checkMinSeverityFlag helper (@mattyhansen)
- 0168e16: refactor: centralize min-severity flag detection and validation in checkMinSeverityFlag helper (@mattyhansen)
Full changelog: v0.1.1...v0.2.0
Contributors
mattyhansen
Assets 9
v0.1.1
gruff-go v0.1.1
Install (pinned):
go install github.com/blundergoat/gruff-go/cmd/gruff-go@v0.1.1Or pin per project as a dev tool (Go 1.24+):
go get -tool github.com/blundergoat/gruff-go/cmd/gruff-go@v0.1.1
go tool gruff-go analyse .See CHANGELOG.md for the full notes.
Changelog
Features
- f5a0c67: feat: add
gruff-go initsubcommand to generate default config file and enhance onboarding experience (@mattyhansen) - 4ba27c5: feat: add new parser rules for npm and GitLab tokens, enhance maintainability and security checks (@mattyhansen)
- 29efb39: feat: add new rules for NPath complexity and unused private functions, flag time.Sleep in tests (@mattyhansen)
- e027997: feat: add parser-only rules for cognitive complexity, unreachable code, maintainability, and HTTP security (@mattyhansen)
- 04fbebc: feat: add shell completion command and support for verbosity flags (@mattyhansen)
- d522e71: feat: bump version to 0.1.1 and update related metadata across multiple files (@mattyhansen)
- 76a621f: feat: document footgun regarding
allowlists.secretPreviewsand sensitive-data findings (@mattyhansen) - 013c972: feat: enhance version bumping script to include package-lock.json and add node version checks (@mattyhansen)
- 3b1b428: feat: rename internal rule files to topic-based names, update preflight checks for node dependency (@mattyhansen)
- 185c371: feat: update config-field-comment rule to be a no-op until includePaths are configured (@mattyhansen)
- 699af06: feat: update parallel-range-capture rule to account for Go 1.22+ module semantics (@mattyhansen)
- 8282478: feat: update rule pillars and enable config-field-comment by default (@mattyhansen)
- 57dbcab: feat: update rule registry to 64 default-enabled rules, enhance documentation and CLI interactions (@mattyhansen)
Full changelog: v0.1.0...v0.1.1
Contributors
mattyhansen
Assets 9
v0.1.0
gruff-go v0.1.0
Install (pinned):
go install github.com/blundergoat/gruff-go/cmd/gruff-go@v0.1.0Or pin per project as a dev tool (Go 1.24+):
go get -tool github.com/blundergoat/gruff-go/cmd/gruff-go@v0.1.0
go tool gruff-go analyse .See CHANGELOG.md for the full notes.
Changelog
Features
- d8bb9ec: feat: add ADR-008 for external-codebase calibration as a precision-tuning loop (Matthew Hansen thatmatthansen@gmail.com)
- 4c05bf1: feat: add TLS insecure config rule to flag insecure tls.Config settings (Matthew Hansen thatmatthansen@gmail.com)
- 3717ffe: feat: add bug report and feature request templates, along with a code of conduct (Matthew Hansen thatmatthansen@gmail.com)
- c249d5d: feat: add calibration tests for function length rule and enhance sensitive-data rules (Matthew Hansen thatmatthansen@gmail.com)
- 1b780bf: feat: add capability labels to rule definitions and update validation logic (Matthew Hansen thatmatthansen@gmail.com)
- db530f2: feat: add composite design rules for detecting god functions and hotspot files (Matthew Hansen thatmatthansen@gmail.com)
- cdabbb4: feat: add dashboard server and interactive report features (Matthew Hansen thatmatthansen@gmail.com)
- 2e7d379: feat: add goreleaser configuration for automated releases and build process (Matthew Hansen thatmatthansen@gmail.com)
- f1a4562: feat: add naming.contextual-generic rule to flag generic names in large contexts (Matthew Hansen thatmatthansen@gmail.com)
- f73e801: feat: add naming.misspelling and naming.package-stutter rules to flag common misspellings and package stutter identifiers (Matthew Hansen thatmatthansen@gmail.com)
- 2141278: feat: add naming.negated-boolean rule to flag boolean identifiers with negation prefixes (Matthew Hansen thatmatthansen@gmail.com)
- 40c3383: feat: add new security rules for archive path traversal, insecure random secret, SQL string query construction, and weak crypto primitives (Matthew Hansen thatmatthansen@gmail.com)
- 188e68e: feat: add option to ignore internal packages in exported symbol comment rule (Matthew Hansen thatmatthansen@gmail.com)
- 3c24498: feat: add parameter count and nesting depth rules with documentation comments (Matthew Hansen thatmatthansen@gmail.com)
- 758e7f2: feat: add performance testing script and update .gitignore for performance harness (Matthew Hansen thatmatthansen@gmail.com)
- b43cdd4: feat: add preflight checks script to run local verification gates for gruff-go (Matthew Hansen thatmatthansen@gmail.com)
- feb92e1: feat: add rules for identifier quality and sensitive data detection (Matthew Hansen thatmatthansen@gmail.com)
- 8fcb436: feat: add tests for sensitive data redaction across preview changes and real artifacts (Matthew Hansen thatmatthansen@gmail.com)
- 86890f9: feat: enable default for parser rules and update thresholds for maxDepth and maxParameters (Matthew Hansen thatmatthansen@gmail.com)
- bfd0ba3: feat: enhance SARIF contract tests with reversed definitions and additional validation (Matthew Hansen thatmatthansen@gmail.com)
- 9ee3fde: feat: enhance comments for clarity and detail across multiple files (Matthew Hansen thatmatthansen@gmail.com)
- 1ed0727: feat: enhance dashboard functionality with project root handling and context management (Matthew Hansen thatmatthansen@gmail.com)
- 0847575: feat: enhance documentation rules with minWordsBeyondSymbol and config-field-comment requirements (Matthew Hansen thatmatthansen@gmail.com)
- b4998b6: feat: enhance function length rule to count code-bearing lines and honor nolint directives (Matthew Hansen thatmatthansen@gmail.com)
- 9ca2f9f: feat: enhance function length rule to discount table-driven test fixtures and add external test package name exemption (Matthew Hansen thatmatthansen@gmail.com)
- bb48999: feat: enhance gitignore handling by refining include-ignored flag and fallback logic (Matthew Hansen thatmatthansen@gmail.com)
- d13705b: feat: enhance gitignore handling in discovery, add --include-ignored flag, and improve package summary checks (Matthew Hansen thatmatthansen@gmail.com)
- a36ff55: feat: enhance scoring output with coverage details and complexity distribution scope (Matthew Hansen thatmatthansen@gmail.com)
- 36edf95: feat: enhance test selection logic and improve error handling in quality checks (Matthew Hansen thatmatthansen@gmail.com)
- 7dd016c: feat: enhance testing skip detection to exclude third-party methods and improve assertion helper recognition (Matthew Hansen thatmatthansen@gmail.com)
- b4295f0: feat: enhance validation logic for thresholds and add new naming rules (Matthew Hansen thatmatthansen@gmail.com)
- 04f3e28: feat: enhance version bumping script to escape current version in sed replacements and improve changelog entries (Matthew Hansen thatmatthansen@gmail.com)
- 77137c0: feat: expand sensitive-data rule pack with new detectors for GitHub, Slack, Stripe, Google, and Anthropic API keys (Matthew Hansen thatmatthansen@gmail.com)
- f6efc11: feat: implement ANSI color output handling and enhance command usage display (Matthew Hansen thatmatthansen@gmail.com)
- 5b6c22d: feat: implement gitignore matcher and include-ignored option for discovery (Matthew Hansen thatmatthansen@gmail.com)
- 84d38ea: feat: implement gitignore-respecting discovery for scans and enhance command metadata (Matthew Hansen thatmatthansen@gmail.com)
- d8bcfc8: feat: implement parser-only scanner with baseline and analysis reports (Matthew Hansen thatmatthansen@gmail.com)
- cc4c9e3: feat: improve test error handling for golden diff mode and validate SARIF output (Matthew Hansen thatmatthansen@gmail.com)
- 269f73d: feat: introduce docs.config-field-comment rule for exported struct field documentation (Matthew Hansen thatmatthansen@gmail.com)
- 62356f3: feat: move goat-flow dependency to devDependencies in package.json and package-lock.json (Matthew Hansen thatmatthansen@gmail.com)
- 2ef07d0: feat: optimize function length rule and enhance .gitignore matcher performance (Matthew Hansen thatmatthansen@gmail.com)
- 3f59618: feat: optimize rule dispatch by caching definitions and enhancing active rule management (Matthew Hansen thatmatthansen@gmail.com)
- 449ba73: feat: raise default maxLines threshold for size.file-length from 400 to 500 (Matthew Hansen thatmatthansen@gmail.com)
- f1a2f9d: feat: refactor NewReport function to use structured input parameters (Matthew Hansen thatmatthansen@gmail.com)
- 86b351c: feat: refactor command help and usage display into separate file (Matthew Hansen thatmatthansen@gmail.com)
- 9bbc71c: feat: refine comments and documentation across multiple files for clarity and precision (Matthew Hansen thatmatthansen@gmail.com)
- 3ed52fd: feat: refine naming.get-prefix rule to exclude context accessors and enhance SQL string query detection for test schemas (Matthew Hansen thatmatthansen@gmail.com)
- bc445a5: feat: remove legacy opt-in tags from default-enabled rules and update related documentation (Matthew Hansen thatmatthansen@gmail.com)
- 1a91802: feat: rename config file to .gruff-go.yaml and update related references (Matthew Hansen thatmatthansen@gmail.com)
- 04ef53f: feat: rename waste-empty-block to dead-code-empty-block and update related configurations (Matthew Hansen thatmatthansen@gmail.com)
- f757c6a: feat: supersede ADR-002 with comprehensive default-enabled rule pack and adjust thresholds (Matthew Hansen thatmatthansen@gmail.com)
- 1ebf3c1: feat: update .gruff-go.yaml to ignore additional directories for analysis (Matthew Hansen thatmatthansen@gmail.com)
- 6b4ef2d: feat: update CI configuration to run preflight checks in GitHub Actions and rename job to 'preflight' (Matthew Hansen thatmatthansen@gmail.com)
- 3b6d0f4: feat: update SARIF output structure to include gruffFingerprint and ruleIndex fields (Matthew Hansen thatmatthansen@gmail.com)
- 70622e6: feat: update architecture and code-map documentation to reflect 30-rule default-enabled registry and add CI dogfood gate (...