Releases: klarlabs-studio/coverctl
Releases · klarlabs-studio/coverctl
Release list
Release v1.18.0
Changelog
- a431961 chore(ci): use reusable nox-remediate workflow (#102)
- f1b7c05 chore(deps): bump astro from 6.2.1 to 6.4.8 in /docs (#93)
- ebb992d chore(deps): bump esbuild, @astrojs/starlight and astro in /docs (#101)
- 2a26e12 chore(deps): bump js-yaml from 4.1.1 to 4.3.0 in /docs (#98)
- 65f45dc chore(deps): bump vite, @astrojs/starlight and astro in /docs (#100)
- a51ce93 ci(lint): exclude FP-prone gosec rules new in golangci v2.12.2
- 60d109a ci(security): drop gosec — nox owns code-level security (#90)
- af51a00 ci(security): enable nox taint-analysis SAST
- c6c7d71 ci: add .nox.yaml — exclude entropy-rule false positives
- f922055 ci: adopt shared reusable Go CI workflow
- 3777ba9 ci: bump actions/checkout from 6.0.2 to 7.0.0 (#94)
- 57b4310 ci: bump actions/setup-go from 6.4.0 to 6.5.0 (#96)
- 81368f7 ci: nox-remediate (replaces dependabot)
- 79acf3a ci: remove dependabot (superseded by nox-remediate)
- 46324e1 ci: remove dependabot (superseded by nox-remediate)
- 1dbaee1 deps: bump go.klarlabs.de/mcp from 1.15.0 to 1.20.0 (#97)
- b6b3ea5 deps: bump golang.org/x/net from 0.54.0 to 0.55.0 (#99)
- 6272205 deps: bump golang.org/x/sys from 0.45.0 to 0.46.0 (#91)
- 2cbfdbe docs(changelog): v1.18.0 — security & correctness hardening (#110)
- 619c49b fix(ci): merge gosec excludes into existing settings block
- 460751c fix(diff): parse changed files with -z to survive core.quotePath (#104)
- fa60c26 fix(gate): close fail-open paths in coverage evaluation (#103)
- 0967654 fix(mcp): harden server trust boundary (#108)
- 76f6dfe fix(resolver): correct ** matching and fail closed on zero-match domains (#106)
- 8676394 fix(robustness): cap parser input, guard JaCoCo overflow, bound subprocess output & fix Windows path matching (#109)
- 1414e99 fix(security): enforce path containment in annotation scan and config extends (#105)
- e8314c0 fix(vcs): harden GitHub/GitLab/Bitbucket API clients (#107)
- 4dd7b88 fix: WriteString(fmt.Sprintf) -> fmt.Fprintf (QF1012)
- e0694c5 fix: publish MCP server under io.github.klarlabs-studio namespace (#83)
- e4c67dc style: adopt org golangci bar and clear new findings
Release v1.17.0
Release v1.16.0
Changelog
- f792e79 chore(deps): patch devalue in docs site
- a4d085a chore(roady): add 3 follow-up features from usability findings
- c7f7bd0 chore(sec): update nox baseline for Wave 1 doc additions
- 9afeada ci(actions): add concurrency + path filters
- 512113b ci(docs): bump Node 20 → 22 (Astro 6 requires >=22.12.0)
- ce087dd ci: bump actions/upload-artifact from 4.6.2 to 7.0.1 (#64)
- a9d3ad3 ci: bump actions/upload-pages-artifact from 4.0.0 to 5.0.0 (#56)
- 73373ab ci: bump github/codeql-action from 4.35.3 to 4.36.0 (#75)
- 31ecaa7 ci: bump golangci/golangci-lint-action from 9.2.0 to 9.2.1 (#71)
- 75a7c27 ci: bump goreleaser/goreleaser-action from 7.2.1 to 7.2.2 (#72)
- 9d3c112 ci: bump nox to v0.8.1 + refresh baseline (closes false-positive flood)
- f544d0a ci: bump sigstore/cosign-installer from 3.9.1 to 4.1.2 (#67)
- 5d89d77 ci: lock GITHUB_TOKEN to contents:read at workflow level
- 98d5ace deps: bump github.com/felixgeelhaar/mcp-go from 1.10.0 to 1.13.0 (#73)
- 9697dc2 deps: bump github.com/fsnotify/fsnotify from 1.10.0 to 1.10.1 (#65)
- 6c9e135 deps: bump github.com/fsnotify/fsnotify from 1.9.0 to 1.10.0 (#58)
- f2b0a1a deps: bump golang.org/x/sys from 0.42.0 to 0.43.0 (#54)
- 80f4118 deps: bump golang.org/x/sys from 0.43.0 to 0.45.0 (#74)
- 38d1b5f deps: bump mcp-go 1.10, go-isatty 0.0.22, otel suite 1.43 (closes GHSA-hfvc-g4fc-pqhx)
- fa76a01 docs(research): four-expert review of README + landing → 5 features queued
- 36cbac2 docs(research): usability findings via closed issues + synthetic personas
- 978e0d9 docs(research): usability test protocol + findings template
- 8da5653 feat(docs): editorial-terminal visual revamp + agent-loop SVG + new logo
- 3bc99e5 feat(docs): site revamp Wave 1 — IA, agent-loop tutorial, SEO frontmatter, new pages
- c78b057 feat(docs+sec): wedge-aligned README/landing rewrite + nox findings closed
- bcf671d feat(eval+gtm): add LLM-as-judge layer, eval CI gate, PMF survey command
- 4a73a0c feat: improve agent-loop coverage workflows and trust docs
- 33b1e89 feat: re-anchor to agent-loop wedge + harden MCP boundary + eval harness
- 15174bc feat: usability follow-ups — module-root remediation, Rust tabs, mcp doctor
- 4c19d95 fix(ci): pin cosign CLI to 2.6.3 to unblock release signing (#76)
- 9aad94d fix(docs): cull italic-serif, hoist AgentLoop into hero, agent-session chrome, FAIL color
- 9cf445b fix(docs): light-theme body text was rendering white-on-paper
- 2329b5b fix(docs): transcript bg cleared too aggressively in last commit
- 1a34391 fix(docs): transcript dark in both themes; rebuild logo
- 50f43dd fix(docs/a11y): WCAG 2.2 fixes — SVG description, touch targets, contrast, motion
- a98b9e0 fix(lint): satisfy staticcheck on session-2 tests
- 40cb574 fix(lint): use US-English spelling (Centralized, serialization)
Release v1.15.0
Changelog
- 1d92fa6 ci(release): sign artifacts with cosign and emit SBOM
- 3d74187 ci: bump actions/configure-pages from 5 to 6
- 2c1df0f ci: bump actions/deploy-pages from 4 to 5
- ebc5d7e ci: pin GitHub Actions to commit SHAs
- 90222eb docs(research): add ECP discovery interview script
- ab80f35 feat(cli): add --max-runtime ceiling on check, run, record
- d7fa139 feat(cli,mcp): add structured logging with --debug global flag
- ca2f477 feat(cmdrun): add structured exec wrapper for forensic visibility
- f0ab0a1 feat(mcp): harden server against prompt-injection attacks
- 8d731c1 feat(mcp): rate-limit pr-comment to prevent agent loop spam
- 5250ff0 feat(pathutil): add ValidateScopedPath for untrusted-input scope enforcement
- 866692c feat(runners): wire cmdrun structured logging into all 13 remaining runners
- 2106628 fix(deps): bump astro to v6 + starlight to v0.38 (closes XSS CVE-2026-41067)
- e662d70 fix(deps): patch non-breaking docs vulnerabilities (vite, defu, postcss)
- 10d38fc fix: resolve stale security findings and unused code warnings
- b80a135 refactor(application): delegate Service.PRComment to PRCommentHandler
- 9bbb184 refactor(cli): extract check, run, record, pr-comment from cli.go switch
- c1cdce2 refactor(cli): extract remaining 10 cases from cli.go switch
- e2f0ec4 refactor(runners): make TypeScript→JavaScript a data-driven alias
- dc4f520 refactor: consolidate language metadata into single canonical registry
- 82511a1 security: lock NewClientWithHTTP behind a fitness function
- e6f6927 test(architecture): add fitness functions enforcing layer + size + parity invariants
- 92577c8 test(mcp): assert Service interface parity with application.Service
Release v1.14.0
Changelog
- 542698a build(deps): bump astro from 5.16.6 to 5.18.1 in /docs
- fcba5da build(deps): bump devalue from 5.6.3 to 5.6.4 in /docs
- 0d81d8d build(deps): bump h3 from 1.15.5 to 1.15.9 in /docs
- f19ceec build(deps): bump picomatch in /docs
- 5aa9874 build(deps): bump smol-toml from 1.6.0 to 1.6.1 in /docs
- a112bac build(deps): bump svgo from 4.0.0 to 4.0.1 in /docs
- c6a2e49 chore(release): update changelog for v1.13.0
- 2b66359 deps: bump github.com/felixgeelhaar/mcp-go from 1.7.0 to 1.8.0
- 40416ef deps: bump golang.org/x/sys from 0.41.0 to 0.42.0
- 9e62cae deps: bump google.golang.org/grpc from 1.78.0 to 1.79.3
- 9af9587 feat: add language-aware format fallback in parser registry
- 127048c fix: improve LCOV format detection for Rust coverage profiles
Release v1.13.0
Changelog
- 914b033 build(deps): bump devalue from 5.6.2 to 5.6.3 in /docs
- 59bdf5f build(deps): bump rollup from 4.54.0 to 4.59.0 in /docs
- 857209c ci: bump goreleaser/goreleaser-action from 6 to 7
- 1959571 deps: bump github.com/felixgeelhaar/mcp-go from 1.5.0 to 1.7.0
- 03eccd2 deps: bump golang.org/x/sys from 0.40.0 to 0.41.0
- f1abbf1 feat: add coverage support for C#, C/C++, PHP, Ruby, and Swift
- 08969b6 feat: add coverage support for Dart, Scala, Elixir, and Shell
- 5e4a73d feat: make coverctl language-agnostic with multi-format parser registry
- a9d2b25 fix: handle Go workspace in ModulePath resolution
- d6007cb fix: resolve gofmt formatting issues in cli and annotations
- 493e04e fix: resolve nox security findings and add scan baseline
- 6414d52 fix: resolve self-referential nox scan and expand security baseline
- 40be00f fix: use credential store for homebrew tap clone in CI
- 870af12 refactor: replace VerdictSec with nox for security scanning
Release v1.12.2
Changelog
- 09d8207 build(deps): bump devalue from 5.6.1 to 5.6.2 in /docs (#25)
- 786fad5 build(deps): bump diff from 5.2.0 to 5.2.2 in /docs (#28)
- 003e5bb build(deps): bump h3 from 1.15.4 to 1.15.5 in /docs (#26)
- 2ab4d2d deps: bump github.com/felixgeelhaar/mcp-go from 1.4.0 to 1.5.0 (#27)
- 47fb880 deps: bump golang.org/x/sys from 0.39.0 to 0.40.0 (#21)
Release v1.12.1
Release v1.12.0
Release v1.11.0
Changelog
- 0e75daa feat: add DDD domain layer, improve test coverage, and update docs
- 81e1e7c feat: add multi-language coverage profile support
- 1d4048b feat: add multi-language coverage runner support
- e5c3bfb feat: add multi-language domain resolution and autodetection
- 0bfcbd1 fix: add platform-specific file locking for Windows compatibility
- 9521c93 sec: fix gosec findings and improve test coverage