Skip to content

Release v1.15.0

Choose a tag to compare

@github-actions github-actions released this 03 May 20:18
2106628

Changelog

  • 1d92fa6 ci(release): sign artifacts with cosign and emit SBOM
  • 3d74187 ci: bump actions/configure-pages from 5 to 6
  • 2c1df0f ci: bump actions/deploy-pages from 4 to 5
  • ebc5d7e ci: pin GitHub Actions to commit SHAs
  • 90222eb docs(research): add ECP discovery interview script
  • ab80f35 feat(cli): add --max-runtime ceiling on check, run, record
  • d7fa139 feat(cli,mcp): add structured logging with --debug global flag
  • ca2f477 feat(cmdrun): add structured exec wrapper for forensic visibility
  • f0ab0a1 feat(mcp): harden server against prompt-injection attacks
  • 8d731c1 feat(mcp): rate-limit pr-comment to prevent agent loop spam
  • 5250ff0 feat(pathutil): add ValidateScopedPath for untrusted-input scope enforcement
  • 866692c feat(runners): wire cmdrun structured logging into all 13 remaining runners
  • 2106628 fix(deps): bump astro to v6 + starlight to v0.38 (closes XSS CVE-2026-41067)
  • e662d70 fix(deps): patch non-breaking docs vulnerabilities (vite, defu, postcss)
  • 10d38fc fix: resolve stale security findings and unused code warnings
  • b80a135 refactor(application): delegate Service.PRComment to PRCommentHandler
  • 9bbb184 refactor(cli): extract check, run, record, pr-comment from cli.go switch
  • c1cdce2 refactor(cli): extract remaining 10 cases from cli.go switch
  • e2f0ec4 refactor(runners): make TypeScript→JavaScript a data-driven alias
  • dc4f520 refactor: consolidate language metadata into single canonical registry
  • 82511a1 security: lock NewClientWithHTTP behind a fitness function
  • e6f6927 test(architecture): add fitness functions enforcing layer + size + parity invariants
  • 92577c8 test(mcp): assert Service interface parity with application.Service