Skip to content

Releases: klarlabs-studio/coverctl

Release v1.18.0

Choose a tag to compare

@github-actions github-actions released this 06 Jul 01:01
v1.18.0
2cbfdbe

Changelog

  • a431961 chore(ci): use reusable nox-remediate workflow (#102)
  • f1b7c05 chore(deps): bump astro from 6.2.1 to 6.4.8 in /docs (#93)
  • ebb992d chore(deps): bump esbuild, @astrojs/starlight and astro in /docs (#101)
  • 2a26e12 chore(deps): bump js-yaml from 4.1.1 to 4.3.0 in /docs (#98)
  • 65f45dc chore(deps): bump vite, @astrojs/starlight and astro in /docs (#100)
  • a51ce93 ci(lint): exclude FP-prone gosec rules new in golangci v2.12.2
  • 60d109a ci(security): drop gosec — nox owns code-level security (#90)
  • af51a00 ci(security): enable nox taint-analysis SAST
  • c6c7d71 ci: add .nox.yaml — exclude entropy-rule false positives
  • f922055 ci: adopt shared reusable Go CI workflow
  • 3777ba9 ci: bump actions/checkout from 6.0.2 to 7.0.0 (#94)
  • 57b4310 ci: bump actions/setup-go from 6.4.0 to 6.5.0 (#96)
  • 81368f7 ci: nox-remediate (replaces dependabot)
  • 79acf3a ci: remove dependabot (superseded by nox-remediate)
  • 46324e1 ci: remove dependabot (superseded by nox-remediate)
  • 1dbaee1 deps: bump go.klarlabs.de/mcp from 1.15.0 to 1.20.0 (#97)
  • b6b3ea5 deps: bump golang.org/x/net from 0.54.0 to 0.55.0 (#99)
  • 6272205 deps: bump golang.org/x/sys from 0.45.0 to 0.46.0 (#91)
  • 2cbfdbe docs(changelog): v1.18.0 — security & correctness hardening (#110)
  • 619c49b fix(ci): merge gosec excludes into existing settings block
  • 460751c fix(diff): parse changed files with -z to survive core.quotePath (#104)
  • fa60c26 fix(gate): close fail-open paths in coverage evaluation (#103)
  • 0967654 fix(mcp): harden server trust boundary (#108)
  • 76f6dfe fix(resolver): correct ** matching and fail closed on zero-match domains (#106)
  • 8676394 fix(robustness): cap parser input, guard JaCoCo overflow, bound subprocess output & fix Windows path matching (#109)
  • 1414e99 fix(security): enforce path containment in annotation scan and config extends (#105)
  • e8314c0 fix(vcs): harden GitHub/GitLab/Bitbucket API clients (#107)
  • 4dd7b88 fix: WriteString(fmt.Sprintf) -> fmt.Fprintf (QF1012)
  • e0694c5 fix: publish MCP server under io.github.klarlabs-studio namespace (#83)
  • e4c67dc style: adopt org golangci bar and clear new findings

Release v1.17.0

Choose a tag to compare

@github-actions github-actions released this 06 Jun 20:32
v1.17.0
a9ab2b2

Changelog

  • 73c384a ci: dependabot auto-merge (patch+minor) (#78)
  • a9ab2b2 feat!: migrate module path to go.klarlabs.de/coverctl (#82)
  • 4ee6388 fix(release): migrate cosign signing to v4 bundle format (#77)

Release v1.16.0

Choose a tag to compare

@github-actions github-actions released this 02 Jun 15:23
4c19d95

Changelog

  • f792e79 chore(deps): patch devalue in docs site
  • a4d085a chore(roady): add 3 follow-up features from usability findings
  • c7f7bd0 chore(sec): update nox baseline for Wave 1 doc additions
  • 9afeada ci(actions): add concurrency + path filters
  • 512113b ci(docs): bump Node 20 → 22 (Astro 6 requires >=22.12.0)
  • ce087dd ci: bump actions/upload-artifact from 4.6.2 to 7.0.1 (#64)
  • a9d3ad3 ci: bump actions/upload-pages-artifact from 4.0.0 to 5.0.0 (#56)
  • 73373ab ci: bump github/codeql-action from 4.35.3 to 4.36.0 (#75)
  • 31ecaa7 ci: bump golangci/golangci-lint-action from 9.2.0 to 9.2.1 (#71)
  • 75a7c27 ci: bump goreleaser/goreleaser-action from 7.2.1 to 7.2.2 (#72)
  • 9d3c112 ci: bump nox to v0.8.1 + refresh baseline (closes false-positive flood)
  • f544d0a ci: bump sigstore/cosign-installer from 3.9.1 to 4.1.2 (#67)
  • 5d89d77 ci: lock GITHUB_TOKEN to contents:read at workflow level
  • 98d5ace deps: bump github.com/felixgeelhaar/mcp-go from 1.10.0 to 1.13.0 (#73)
  • 9697dc2 deps: bump github.com/fsnotify/fsnotify from 1.10.0 to 1.10.1 (#65)
  • 6c9e135 deps: bump github.com/fsnotify/fsnotify from 1.9.0 to 1.10.0 (#58)
  • f2b0a1a deps: bump golang.org/x/sys from 0.42.0 to 0.43.0 (#54)
  • 80f4118 deps: bump golang.org/x/sys from 0.43.0 to 0.45.0 (#74)
  • 38d1b5f deps: bump mcp-go 1.10, go-isatty 0.0.22, otel suite 1.43 (closes GHSA-hfvc-g4fc-pqhx)
  • fa76a01 docs(research): four-expert review of README + landing → 5 features queued
  • 36cbac2 docs(research): usability findings via closed issues + synthetic personas
  • 978e0d9 docs(research): usability test protocol + findings template
  • 8da5653 feat(docs): editorial-terminal visual revamp + agent-loop SVG + new logo
  • 3bc99e5 feat(docs): site revamp Wave 1 — IA, agent-loop tutorial, SEO frontmatter, new pages
  • c78b057 feat(docs+sec): wedge-aligned README/landing rewrite + nox findings closed
  • bcf671d feat(eval+gtm): add LLM-as-judge layer, eval CI gate, PMF survey command
  • 4a73a0c feat: improve agent-loop coverage workflows and trust docs
  • 33b1e89 feat: re-anchor to agent-loop wedge + harden MCP boundary + eval harness
  • 15174bc feat: usability follow-ups — module-root remediation, Rust tabs, mcp doctor
  • 4c19d95 fix(ci): pin cosign CLI to 2.6.3 to unblock release signing (#76)
  • 9aad94d fix(docs): cull italic-serif, hoist AgentLoop into hero, agent-session chrome, FAIL color
  • 9cf445b fix(docs): light-theme body text was rendering white-on-paper
  • 2329b5b fix(docs): transcript bg cleared too aggressively in last commit
  • 1a34391 fix(docs): transcript dark in both themes; rebuild logo
  • 50f43dd fix(docs/a11y): WCAG 2.2 fixes — SVG description, touch targets, contrast, motion
  • a98b9e0 fix(lint): satisfy staticcheck on session-2 tests
  • 40cb574 fix(lint): use US-English spelling (Centralized, serialization)

Release v1.15.0

Choose a tag to compare

@github-actions github-actions released this 03 May 20:18
2106628

Changelog

  • 1d92fa6 ci(release): sign artifacts with cosign and emit SBOM
  • 3d74187 ci: bump actions/configure-pages from 5 to 6
  • 2c1df0f ci: bump actions/deploy-pages from 4 to 5
  • ebc5d7e ci: pin GitHub Actions to commit SHAs
  • 90222eb docs(research): add ECP discovery interview script
  • ab80f35 feat(cli): add --max-runtime ceiling on check, run, record
  • d7fa139 feat(cli,mcp): add structured logging with --debug global flag
  • ca2f477 feat(cmdrun): add structured exec wrapper for forensic visibility
  • f0ab0a1 feat(mcp): harden server against prompt-injection attacks
  • 8d731c1 feat(mcp): rate-limit pr-comment to prevent agent loop spam
  • 5250ff0 feat(pathutil): add ValidateScopedPath for untrusted-input scope enforcement
  • 866692c feat(runners): wire cmdrun structured logging into all 13 remaining runners
  • 2106628 fix(deps): bump astro to v6 + starlight to v0.38 (closes XSS CVE-2026-41067)
  • e662d70 fix(deps): patch non-breaking docs vulnerabilities (vite, defu, postcss)
  • 10d38fc fix: resolve stale security findings and unused code warnings
  • b80a135 refactor(application): delegate Service.PRComment to PRCommentHandler
  • 9bbb184 refactor(cli): extract check, run, record, pr-comment from cli.go switch
  • c1cdce2 refactor(cli): extract remaining 10 cases from cli.go switch
  • e2f0ec4 refactor(runners): make TypeScript→JavaScript a data-driven alias
  • dc4f520 refactor: consolidate language metadata into single canonical registry
  • 82511a1 security: lock NewClientWithHTTP behind a fitness function
  • e6f6927 test(architecture): add fitness functions enforcing layer + size + parity invariants
  • 92577c8 test(mcp): assert Service interface parity with application.Service

Release v1.14.0

Choose a tag to compare

@github-actions github-actions released this 28 Mar 14:03
e7f3b27

Changelog

  • 542698a build(deps): bump astro from 5.16.6 to 5.18.1 in /docs
  • fcba5da build(deps): bump devalue from 5.6.3 to 5.6.4 in /docs
  • 0d81d8d build(deps): bump h3 from 1.15.5 to 1.15.9 in /docs
  • f19ceec build(deps): bump picomatch in /docs
  • 5aa9874 build(deps): bump smol-toml from 1.6.0 to 1.6.1 in /docs
  • a112bac build(deps): bump svgo from 4.0.0 to 4.0.1 in /docs
  • c6a2e49 chore(release): update changelog for v1.13.0
  • 2b66359 deps: bump github.com/felixgeelhaar/mcp-go from 1.7.0 to 1.8.0
  • 40416ef deps: bump golang.org/x/sys from 0.41.0 to 0.42.0
  • 9e62cae deps: bump google.golang.org/grpc from 1.78.0 to 1.79.3
  • 9af9587 feat: add language-aware format fallback in parser registry
  • 127048c fix: improve LCOV format detection for Rust coverage profiles

Release v1.13.0

Choose a tag to compare

@github-actions github-actions released this 01 Mar 21:05
40be00f

Changelog

  • 914b033 build(deps): bump devalue from 5.6.2 to 5.6.3 in /docs
  • 59bdf5f build(deps): bump rollup from 4.54.0 to 4.59.0 in /docs
  • 857209c ci: bump goreleaser/goreleaser-action from 6 to 7
  • 1959571 deps: bump github.com/felixgeelhaar/mcp-go from 1.5.0 to 1.7.0
  • 03eccd2 deps: bump golang.org/x/sys from 0.40.0 to 0.41.0
  • f1abbf1 feat: add coverage support for C#, C/C++, PHP, Ruby, and Swift
  • 08969b6 feat: add coverage support for Dart, Scala, Elixir, and Shell
  • 5e4a73d feat: make coverctl language-agnostic with multi-format parser registry
  • a9d2b25 fix: handle Go workspace in ModulePath resolution
  • d6007cb fix: resolve gofmt formatting issues in cli and annotations
  • 493e04e fix: resolve nox security findings and add scan baseline
  • 6414d52 fix: resolve self-referential nox scan and expand security baseline
  • 40be00f fix: use credential store for homebrew tap clone in CI
  • 870af12 refactor: replace VerdictSec with nox for security scanning

Release v1.12.2

Choose a tag to compare

@github-actions github-actions released this 22 Jan 22:02
2c65131

Changelog

  • 09d8207 build(deps): bump devalue from 5.6.1 to 5.6.2 in /docs (#25)
  • 786fad5 build(deps): bump diff from 5.2.0 to 5.2.2 in /docs (#28)
  • 003e5bb build(deps): bump h3 from 1.15.4 to 1.15.5 in /docs (#26)
  • 2ab4d2d deps: bump github.com/felixgeelhaar/mcp-go from 1.4.0 to 1.5.0 (#27)
  • 47fb880 deps: bump golang.org/x/sys from 0.39.0 to 0.40.0 (#21)

Release v1.12.1

Choose a tag to compare

@github-actions github-actions released this 14 Jan 18:52
2c3d60c

Changelog

  • 2c3d60c fix: coverctl check runs tests by default even if profile exists (#24)

Release v1.12.0

Choose a tag to compare

@github-actions github-actions released this 14 Jan 10:59
90af079

Changelog

  • 3e4c392 feat: allow check from existing profiles
  • b4d3937 fix: improve history recording consistency
  • 8c62f2d fix: resolve lint issues and adjust coverage thresholds
  • 2f8024b fix: reuse existing profiles in check

Release v1.11.0

Choose a tag to compare

@github-actions github-actions released this 09 Jan 17:54
v1.11.0
0bfcbd1

Changelog

  • 0e75daa feat: add DDD domain layer, improve test coverage, and update docs
  • 81e1e7c feat: add multi-language coverage profile support
  • 1d4048b feat: add multi-language coverage runner support
  • e5c3bfb feat: add multi-language domain resolution and autodetection
  • 0bfcbd1 fix: add platform-specific file locking for Windows compatibility
  • 9521c93 sec: fix gosec findings and improve test coverage