Releases: devlukeg/pkgwhy
Release list
pkgwhy 1.9.0
Adds Team/CI commercial foundations: CI/PR summaries, policy templates and policy testing, local exceptions and approvals, review bundles, static dashboards, agent install planning, repo checks, beta/feedback routing, version and doctor commands.
pkgwhy 1.8.0
Adds safe package metadata extraction, pkgwhy metadata, local policy files, review history, reports, CI command, beta/feedback commands, and commercial Team/Cloud foundation.
pkgwhy 1.6.0
Improves agent usability with a stronger decision JSON contract, exit-code meanings, batch precheck summaries, JSON error outputs, registry trust-state JSON, tool validation, tool capability detection, and agent check dispatching.
pkgwhy 1.0.0
pkgwhy 1.0.0 release. Python package intelligence and supply-chain security decision-support CLI for developers and AI agents. Includes offline package inspection, vulnerability/provenance signals, static rule evidence, agent-readable JSON, local private-tool registry/runner support, and conservative policy decisions. Dynamic analysis remains experimental and out of scope for 1.0 production guarantees.
pkgwhy 1.0.0rc1
Release candidate for pkgwhy 1.0.0. Includes package intelligence, vulnerability/provenance foundations, static rule evidence, local registry/runner MVP, dynamic analysis skeleton, and agent policy hardening. Dynamic analysis remains experimental/out-of-scope for 1.0 production guarantees.
pkgwhy 0.6.0a0 pre-alpha developer preview
Pre-alpha developer preview. Includes offline package inspection, agent-readable judgement, local registry, local publish/tool inspect/tool judge, local runner MVP, vulnerability/provenance foundation, static rule evidence, dynamic sandbox design skeleton, and agent policy hardening. Not production security advice and not full OS sandboxing.
pkgwhy 0.2.0a0 pre-alpha developer preview
Pre-alpha developer preview. Includes offline package inspection, agent-readable judgement, local registry, local publish/tool inspect/tool judge, and local runner MVP. Not production security advice and not full OS sandboxing.