
v2.91.0: security candidate tiers, safer telemetry, lower memory on large repos



@BartWaardenburg released this 09 Jun 17:42
Tag v2.91.0 (commit 6e87e12)

fallow 2.91.0 sharpens the fallow security candidate layer with review-priority tiers and far fewer false positives, expands the opt-in telemetry contract with privacy-preserving workflow dimensions, and cuts peak memory on large repositories.

Security candidates

fallow security stays an opt-in, candidate-only layer (findings are evidence for an agent or human to verify, never proven vulnerabilities), and this release makes those candidates easier to triage and trust:

  • Per-candidate severity tiers. Each candidate now carries a required severity (high, medium, or low) derived from existing reachability, boundary, source-backed, and runtime-hot signals. Human output prefixes the tier, the independent security JSON schema bumps to "2", and SARIF maps high/medium to warning while low stays note. The tier is review priority only; it does not change gate or exit semantics. (#1096)
  • No more ORM false positives. The HTTP request-input patterns (*.query, *.params, *.body) now fire only on a recognized request receiver (req, request, ctx, context, event), so db.query (Drizzle), prisma.query, and similar data-access accessors no longer classify a whole module as an untrusted source. (#1092)
  • Arg-level vs module-level taint. Candidates now carry a structured reachability.taint_confidence (arg-level when the sink argument traces back to a source read in the same statement, module-level when the sink only lives in a reachable module), and traces point at the real source read instead of the file's top-of-file import. (#1093)
  • Local-binding taint propagation. Request input embedded in a template literal, string concatenation, or object literal before reaching a sink now keeps the source-backed ranking signal (one hop). (#1095)
  • Declarative validation boundaries. Route-level validation in Elysia, Fastify, tRPC, Hono, NestJS, and express-validator is surfaced as a defensive control, changing the verification prompt rather than suppressing candidates. (#1094)
  • Richer SARIF. fallow security --format sarif now emits codeFlows / threadFlows from the taint trace, security rules carry name and help, and CWE-backed rules link to a run-level CWE taxonomy. (#1097)
  • fallow explain covers security categories (tainted-sink, client-server-leak, hardcoded-secret, and each security/<category> id). (#1098)
  • End-to-end agent verification recipe combining --surface, candidate evidence, caller-gathered source windows, and MCP security_candidates into a verifier-filtered survivor list, with model calls kept outside fallow core. (#1099)

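The severity-to-SARIF level mapping (#1096) and the codeFlows / threadFlows emitted from a taint trace (#1097), as an added example written for this page and not fallow's own SARIF writer. The level mapping and the security/tainted-sink rule id come from the notes and the codeFlows shape from SARIF 2.1.0; the candidate fields and the sample trace are assumptions made for illustration.

```typescript
// Added example, not fallow's own code: builds the SARIF fragment these notes
// describe for one candidate. Tier-to-level mapping (high/medium -> warning,
// low -> note) is from the notes; the SecurityCandidate fields are assumptions.
type Severity = "high" | "medium" | "low";
interface TraceStep { file: string; line: number; note: string }
interface SecurityCandidate {
  ruleId: string;     // e.g. "security/tainted-sink"
  severity: Severity; // review priority only; never changes gate/exit semantics
  message: string;
  trace: TraceStep[]; // source read first, sink last
}

function sarifLevel(severity: Severity): "warning" | "note" {
  return severity === "low" ? "note" : "warning";
}

// A SARIF threadFlowLocation: the location plus a step note for the reviewer.
function toThreadFlowLocation(step: TraceStep) {
  return {
    location: {
      physicalLocation: {
        artifactLocation: { uri: step.file },
        region: { startLine: step.line },
      },
      message: { text: step.note },
    },
  };
}

// One SARIF result: the sink is the primary location, and the taint trace becomes
// a single codeFlow with one threadFlow running from source read to sink.
function toSarifResult(c: SecurityCandidate) {
  const sink = c.trace[c.trace.length - 1];
  return {
    ruleId: c.ruleId,
    level: sarifLevel(c.severity),
    message: { text: c.message },
    locations: [toThreadFlowLocation(sink).location],
    codeFlows: [{ threadFlows: [{ locations: c.trace.map(toThreadFlowLocation) }] }],
  };
}

// Constructed candidate: request input flows through a local binding into a query.
const SAMPLE_CANDIDATE: SecurityCandidate = {
  ruleId: "security/tainted-sink",
  severity: "high",
  message: "Request input reaches a SQL sink (candidate; verify before acting).",
  trace: [
    { file: "src/routes/users.ts", line: 12, note: "source read: req.query.q" },
    { file: "src/routes/users.ts", line: 13, note: "local binding: pattern" },
    { file: "src/routes/users.ts", line: 14, note: "sink: db.execute(...)" },
  ],
};
```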
Telemetry (opt-in, allowlisted)

Telemetry stays off by default and allowlisted (no paths, names, config values, or source). This release closes accuracy gaps and removes its latency cost:

  • New coarse dimensions: run context (run_scope, config_shape, output_destination, analysis_mode) (#1079), outcome buckets (result_count_bucket, report_truncated, truncation_reason) (#1080), a coarse failure_reason on failed events (#1063), analysis-scale buckets (#1064), admin workflow labels (#1061), parent-run follow-up dimensions (#1078), cache-state segmentation for code-quality-review duration (#1062), and findings_present for audit and security (#1060).
  • Telemetry no longer adds latency. Events are spooled to a local file at exit (sub-millisecond, no network) and uploaded on a background thread during a later run, so the upload is never on your command's critical path.

Memory and stability on large repositories

  • Lower peak memory. Per-file extraction payloads that resolution and graph construction have already consumed are released after that phase, with the module data later phases need retained and compacted. No change to analysis output. (#1104)
  • A single huge generated file no longer OOMs fallow. Source files over a per-file limit (default 5 MB) are skipped at discovery and reported on stderr and in JSON (workspace_diagnostics, kind: "skipped-large-file"). Tune with --max-file-size <MB> or FALLOW_MAX_FILE_SIZE; .d.ts files are always analyzed. (#1086)
  • VS Code backs off when analysis keeps failing. Automatic analysis pauses after repeated failures (a manual run forces a retry), and extension-triggered analysis passes a default per-file size ceiling so one huge file cannot drive the editor process out of memory. (#1105)

Bug fixes

  • VS Code: binaries no longer fail to install when several windows open at once. Installs are serialized with a lock and written atomically, so concurrent windows reuse the result instead of racing. Thanks @XCanG for the report. (#1091)
  • VS Code: sidebar clicks open Next.js dynamic route files on Windows. Paths such as src/app/[productId]/page.tsx no longer arrive URL-encoded and fail to open. Thanks @Dev-CleverMath for the report. (#1071)

Plus routine dependency updates.

Full Changelog: v2.90.0...v2.91.0