Vanta v0.4.0

github-actions released this 27 Jun 21:00

Vanta v0.4.0 — Security + Modularity

A security-skills pack you can run on any repo, every fixable CVE cleared, and a codebase-wide modularity pass — all behavior-preserving (full suite green throughout).

Install / upgrade: curl -fsSL https://raw.githubusercontent.com/jpoindexter/Vanta/main/bootstrap.sh | bash — the installer pulls this release's prebuilt kernel automatically. Only git required.

✨ Added

  • security-skills pack: secret-scan, dependency-audit, sast-scan, security-preflight: grounded SKILL.md runbooks plus a runnable scan.sh one-command gate (secrets → dependency CVEs → SAST, no agent required). Bundled into Vanta and published standalone at jpoindexter/security-skills.
  • Live provider-recovery proof: scripts/reliability-recovery.sh verifies the transient-retry actually recovers (not just stops) on a real stalled provider call; VANTA_CODEX_BASE_URL makes the codex endpoint overridable.

🔒 Fixed (security)

  • Shipped runtime is clean — 0 secrets across 2,003 commits, 0 runtime CVEs, kernel zero-dependency.
  • Every vanta-ts dev-tooling CVE cleared (incl. a vitest 9.8 critical) by migrating to vitest 3 / vite 6 + an esbuild override → osv-scanner reports 0 vulnerabilities.
  • Docs site: serialize-javascript RCE/DoS → override 7.0.6; uuid bounds bug → override 11.1.1 (docusaurus build verified). The full triage is recorded in SECURITY.md §7b.

🧱 Modularity (no behavior change)

  • The size gate now has zero exemptions — the factory/* autonomous-loop code was brought into compliance, with the is_protected_path kernel-mirror kept byte-identical.
  • 65 source files modularized under the 200-line soft target (70 → 5) across 6 verified waves — pure-helper / parser / sub-concern extractions, public exports re-exported so importers and tests needed zero edits. The 5 remaining files are deliberately-cohesive registries / type-systems, left whole on purpose.

✅ Verified

Full suite 977 files / 11,132 tests green · 67 kernel tests · tsc clean · size gate clean across 1,272 files · release build OK.

Full changelog: CHANGELOG.md · compare v0.3.0...v0.4.0