v0.2.3

Added

• php (Laravel + Symfony) structural support (#97)
• ruby (Rails + Pundit + CanCanCan + Devise) structural support (#96)
• kotlin (Spring + Ktor) structural support (#93)

v0.2.2

Added

• (scanner) cross-file Go policy bindings + policy-impl path bypass (#83)
• javax/jakarta annotation coverage, JAX-RS rule, Route category (#80)
• detect bare identifier role checks (#77)

Changed

• extract PolicyGenerator trait and collapse parallel engine fields (#79)

v0.2.1

Added

• detect Cedar enforcement points (#76)
• add Cedar as a second policy engine (#72)

v0.2.0

Added

• [breaking] add C# structural support (#69)

v0.1.9

Added

• (scanner/imports) detect policy imports across languages (#67)

v0.1.8

Added

• bound public API surface + fix broken CLI surface (OSS P0) (#47)

v0.1.7

Added

• (output) promote externalization percentage to headline (#54)
• scanner output follow-ups (surface, snippet fallback, enforcement_points) (#55)
• (rules) corpus shakedown rule pass — coverage for Gitea, Ghost, Cal.com, OpenMRS, Zulip (#50)
• (deep) unwrap claude-code envelope and broaden Go authz coverage (#48)

Fixed

• (output) add missing surface field to test Finding constructors (#59)

v0.1.6

Fixed

• match bare-function middleware values in gin/echo rule (#44)

v0.1.5

Added

• add Go structural scanning support (#32)
• add Python structural scanning support (#29)

v0.1.4

Fixed

• (rules/java) require principal-side getter in ownership-check (#25)