v0.3.0

gruff-go v0.3.0

Install (pinned):

go install github.com/blundergoat/gruff-go/cmd/gruff-go@v0.3.0

Or pin per project as a dev tool (Go 1.24+):

go get -tool github.com/blundergoat/gruff-go/cmd/gruff-go@v0.3.0
go tool gruff-go analyse .

See CHANGELOG.md for the full notes.

Changelog

Features

• 606abb3: feat: add build script for gruff-go CLI compilation (@mattyhansen)
• 0fd8370: feat: add candidate rules for unused private symbols (const, type, var) with parser-only checks (@mattyhansen)
• f886abe: feat: add code comments and guidelines for documentation practices across multiple languages (@mattyhansen)
• 3fdc604: feat: add documentation for build artifacts and hook footguns with detailed guidance (@mattyhansen)
• 2d731e0: feat: add family launcher bin/gruff-go.sh for CLI execution and automatic rebuilding (@mattyhansen)
• 8e78fef: feat: add new opt-in sensitive-data rules for high-entropy strings, PII, and PHI patterns with configurable thresholds (@mattyhansen)
• a5e334d: feat: add new parser-only rules for Go-module dependency posture and GitHub Actions workflows, enhancing security checks (@mattyhansen)
• dd9f694: feat: add new security rules for sensitive data logging and improve changelog details (@mattyhansen)
• 3db53d1: feat: add seven new parser-only security rules for request-controlled values, enhancing application security (@mattyhansen)
• eeea88f: feat: calibrate gruff rules, scoring, docs, and preflight release checks (@mattyhansen)
• da3d583: feat: codify mission and enhance agent hook contract; implement diff-aware analysis and authoritative path ignoring (@mattyhansen)
• 08ef6dc: feat: enhance baseline generation validation and improve local replace path handling (@mattyhansen)
• 7585df6: feat: enhance build artifact management by ignoring bin/gruff-go and updating related documentation (@mattyhansen)
• d1de2a8: feat: enhance changelog with new release details, sensitive-data rules, and breaking changes (@mattyhansen)
• df8340a: feat: enhance security analysis by fixing false positives and improving baseline handling (@mattyhansen)
• faf1c30: feat: enhance security rules and CLI argument handling for improved precision (@mattyhansen)
• 250051f: feat: enhance security rules to improve detection of unpinned GitHub Actions and path traversal vulnerabilities (@mattyhansen)
• 78158e5: feat: implement agent hook contract v1 with JSON output for new-only findings and capabilities (@mattyhansen)
• a2cbe53: feat: implement native changed-region support in analyse command with new flags and JSON output (@mattyhansen)
• db10792: feat: unify analysis JSON schema to gruff.analysis.v2 across all output formats (@mattyhansen)
• 63bd8d8: feat: unify text output format and introduce static-analysis-redundant test candidate rule (@mattyhansen)
• 09b6db8: feat: update .gitignore to include root build artifact for gruff-go (@mattyhansen)
• 14a31f8: feat: update changelog for toolchain security bump and enhance adversarial test coverage (@mattyhansen)
• b66aa36: feat: update documentation to reflect automated release publishing and versioning changes (@mattyhansen)
• 9d5edbf: feat: update goat-flow reference version to 1.9.1 across documentation and configuration files (@mattyhansen)
• 4a29fac: feat: update goat-flow reference version to 1.9.1 across various documentation and configuration files (@mattyhansen)

Bug fixes

• 12dc602: fix: enhance diff analysis to maintain full project context and improve security rule precision (@mattyhansen)

Other

• 455adab: refactor: remove god-function composite rule and update related tests and scoring logic (@mattyhansen)
• 2f72c67: refactor: reorganize documentation structure and update version references to 1.10.1 (@mattyhansen)
• 9a3bcf6: refactor: reorganize documentation structure and update version references to 1.10.1 (@mattyhansen)
• c673c79: refactor: update comments in golden_test.go for clarity on compositeConfig behavior (@mattyhansen)

---

Full changelog: v0.2.0...v0.3.0