Skip to content

Releases: jinyounghub/agentic-workflow-guard

v0.2.1

Choose a tag to compare

@jinyounghub jinyounghub released this 16 Jul 16:07

What's changed

  • Added a 30-second advisory GitHub Action quick start near the top of the README.
  • Added a real synthetic report preview plus direct links to the successful demo run and Marketplace listing.
  • Declared the Action's report-path, findings, and severity-count outputs in action.yml.
  • Added metadata coverage so declared outputs stay aligned with the runtime.
  • Stabilized the committed baseline fixture test across Windows path aliases.

Install

npm install --save-dev @jin0/agentic-workflow-guard@0.2.1

GitHub Actions users can continue using jinyounghub/agentic-workflow-guard@v0, which now points to this release.

Full changelog: v0.2.0...v0.2.1

v0.2.0

Choose a tag to compare

@jinyounghub jinyounghub released this 05 Jul 13:30
1bc05b4

v0.2.0

Public OSS release focused on real-world adoption: noise control, data-flow precision, catalog verification, and contributor onboarding.

Added

  • Config file support with rule disable, severity override, path excludes, and narrow suppressions.
  • Baseline support for accepted existing findings.
  • Finding fingerprints and active/suppressed/baselined report state.
  • Improved GitHub expression handling and one-step env data-flow detection for AI output references.
  • Verified AI action catalog metadata and documentation.
  • Contributor onboarding docs and beginner-friendly synthetic fixtures.

Verification

  • npm run lint
  • npm test
  • npm run build
  • npm audit --audit-level=moderate
  • npm pack --dry-run
  • workflow self-scan
  • fixture scans
  • SARIF JSON parse check

v0.1.1

Choose a tag to compare

@jinyounghub jinyounghub released this 05 Jul 07:47

v0.1.1

Patch release focused on public project hardening and package verification.

Changed

  • Added npm smoke-test evidence.
  • Added CI package smoke test and self-scan artifacts.
  • Added project health metrics.
  • Added adoption guidance and release checklist documentation.
  • Removed private planning material from public docs.
  • Updated README badges, usage examples, and early maturity notes.

Verification

  • npm ci
  • npm run lint
  • npm test
  • npm run build
  • npm audit --audit-level=moderate
  • npm pack --dry-run
  • packed CLI smoke test
  • workflow self-scan Markdown/SARIF artifact generation

v0.1.0

Choose a tag to compare

@jinyounghub jinyounghub released this 04 Jul 21:07

v0.1.0

Initial public release of agentic-workflow-guard.

Highlights

  • TypeScript CLI for scanning GitHub Actions workflow files.
  • GitHub Action wrapper with bundled runtime in dist/action.
  • Markdown, JSON, and SARIF report output.
  • AI action catalog seed for Codex, Claude Code, Gemini CLI, and GitHub Models inference.
  • Rules R001-R109 for prompt boundaries, untrusted GitHub context, privileged permissions, pwn-request checkout, prompt-to-script flow, sensitive sinks, floating AI action refs, missing permissions, and secrets exposed to agent steps.
  • Synthetic safe and vulnerable fixtures with Vitest coverage.
  • Threat model, rule catalog, comparison docs, and responsible disclosure guidance.

Package

Published to npm as @jin0/agentic-workflow-guard.