2.0.0

Support for text and structured-markup files: .txt, .md, .yaml, .rst, which are scanned for hidden payloads. Embedded code is extracted and run through the language-specific checks.

New encrypted-archive-extraction signal: extracting or decrypting a password-protected archive with the secret supplied inline (unzip -P, 7z -p, gpg --passphrase, openssl enc -d -k/-pass)

1.5.0

Refined Python detections with copy_fail.py fixture.

When using --format sarif and no detections are found, a valid SARIF JSON is still emitted.

1.4.0

LLM review now downgrades WARN and CRITICAL findings if they are determined to be "likely_benign" or "inconclusive" with 70% or more confidence.

1.3.0

• LLM review pass (--llm): optional fourth analysis step that sends WARN and CRITICAL findings to an LLM (Anthropic, OpenAI, or Ollama cloud) for false-positive validation. Findings are batched by payload size and keyed by path:line:col for stable matching. Verdicts (0–4 scale: dismissed → confirmed) are rendered inline in human output and embedded in JSON and SARIF outputs.
• New Bash/Shell detections: /dev/tcp and /dev/udp covert socket (bash-dev-tcp-socket), variable-as-command-name dynamic execution, PATH hijacking via redirect to a command-named file (path-command-shadow), and encoded dropper pipeline elevation (base64 -d | bash → critical).
• Glassworm-style invisible payload detection: ≥4 Unicode variation selector or Tags block characters on one line are aggregated into a single critical finding with the decoded payload string.

1.2.0

Updates to the public interface.

1.1.0

Updates to the public interface.

1.0.0

Initial release.