
@oscarvalenzuelab oscarvalenzuelab released this 11 Nov 18:46
4f23cb5

mcp-semclone v1.4.0

This release introduces a universal compliance workflow and improves agent usability. It contains breaking changes (the project-type-specific tools have been removed) and rolls up the enhancements shipped in v1.3.6 and v1.3.7.

Breaking Changes

Removed generate_mobile_legal_summary (formerly generate_mobile_legal_notice)

Project-type-specific tools do not scale across different distribution types.

Migration paths:

  • Use run_compliance_check for automated one-shot workflows
  • Use generate_legal_notices for manual workflow orchestration

The generate_legal_notices tool was always the correct choice for complete legal documentation.

New Tool: run_compliance_check

Universal compliance workflow that works for any project type (mobile, desktop, SaaS, embedded, etc.).

Capabilities:

  • Automatic workflow: scan → generate NOTICE.txt → validate policy → generate sbom.json → check vulnerabilities
  • Returns APPROVED/REJECTED decision with risk level
  • Generates NOTICE.txt and sbom.json artifacts
  • Provides a complete report with actionable recommendations
  • Uses default policy if none specified
  • Distribution type is a parameter, not a separate workflow

Usage:
result = run_compliance_check(path, distribution_type="mobile")

Enhanced Tool Descriptions

All primary tools now include structured guidance:

scan_directory:

  • Positioned as FIRST STEP in workflows
  • WHEN TO USE and WHEN NOT TO USE sections
  • WORKFLOW POSITION guidance
  • Three complete workflow examples

generate_legal_notices:

  • Positioned as a PRIMARY TOOL for legal documentation
  • Emphasizes purl2notices backend for copyright extraction
  • WHEN TO USE and WHEN NOT TO USE sections
  • Three workflow examples: mobile app compliance, package analysis, batch compliance

validate_license_list:

  • Positioned for quick license validation
  • Clear return values: safe_for_distribution, app_store_compatible
  • Complete workflow example

Documentation Updates

  • Updated IDE integration guides for Cursor, Cline, and Kiro
  • Updated mobile app compliance guide
  • Updated configuration examples and autoApprove lists
  • Removed all references to deleted tools
  • Added migration guidance

Architecture Changes

Design principles:

  • No project-type-specific tools
  • Distribution type used only for policy validation context
  • Default policy provided
  • Single standardized workflow
  • Scales without code changes

Standard workflow options:

Option 1 (Recommended):
run_compliance_check(path, distribution_type) → APPROVED/REJECTED + artifacts

Option 2 (Manual):
scan_directory → generate_legal_notices → validate_license_list → generate_sbom

From v1.3.7 (2025-11-10)

License Approval/Rejection Workflow:

  • Enhanced validate_policy tool with approve/deny/review decision support
  • Added context parameter for static_linking and dynamic_linking scenarios
  • Returns structured decision output with action, severity, requirements, and remediation
  • Added summary object with boolean flags: approved, blocked, requires_review
  • Distribution-specific policy rules (GPL blocked for mobile, AGPL blocked for SaaS)
  • Updated OSPAC dependency to >=1.2.3
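As an added illustration of the decision model described in this list (not mcp-semclone's own code or its shipped default policy), a small Python evaluator that returns the same shape of output: a per-license action, severity, requirements and remediation, plus the approved/blocked/requires_review summary. The license rules, the static-linking escalation for LGPL and the remediation strings are constructed assumptions.

```python
# Hypothetical policy evaluation modelled on the v1.3.7 decision output.
# Added illustration, not mcp-semclone's code or its default policy; the
# rules and remediation text below are constructed for the example.
SEVERITY = {"approve": "none", "review": "warning", "deny": "blocker"}

# license -> {distribution_type or "*": action}; constructed sample policy
POLICY = {
    "GPL-3.0-only": {"mobile": "deny", "*": "review"},
    "AGPL-3.0-only": {"saas": "deny", "*": "review"},
    "LGPL-2.1-only": {"*": "approve"},
    "MIT": {"*": "approve"},
    "Apache-2.0": {"*": "approve"},
}
REMEDIATION = {
    "deny": "Replace the component or obtain a commercial/dual license",
    "review": "Route to legal review before shipping",
    "approve": "None required",
}


def decide_license(license_id, distribution_type, context=None):
    """Return one structured decision: action, severity, requirements, remediation."""
    rules = POLICY.get(license_id)
    requirements = []
    if rules is None:
        # Unknown or unidentified license: never silently approve it.
        action = "review"
        requirements.append("Identify the license text and confirm its SPDX id")
    else:
        action = rules.get(distribution_type, rules["*"])
    # Weak copyleft is acceptable when dynamically linked, but static linking
    # pulls the combined work under the copyleft terms, so escalate to review.
    if action == "approve" and context == "static_linking" and license_id.startswith("LGPL"):
        action = "review"
        requirements.append("Ship relinkable objects or switch to dynamic_linking")
    if action == "deny":
        requirements.append(f"{license_id} is not distributable as {distribution_type}")
    return {"license": license_id, "action": action, "severity": SEVERITY[action],
            "requirements": requirements, "remediation": REMEDIATION[action]}


def check_policy(licenses, distribution_type, context=None):
    """Evaluate every license and build the approved/blocked/requires_review summary."""
    decisions = [decide_license(lic, distribution_type, context) for lic in licenses]
    blocked = any(d["action"] == "deny" for d in decisions)
    review = any(d["action"] == "review" for d in decisions)
    return {"decisions": decisions,
            "summary": {"approved": not (blocked or review),
                        "blocked": blocked, "requires_review": review}}
```

A single "deny" sets blocked and clears approved regardless of how many licenses are clean, mirroring the one-shot APPROVED/REJECTED gate described for run_compliance_check.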

From v1.3.6 (2025-11-10)

Pipx Installation Support:

  • Comprehensive pipx installation documentation
  • Instructions for pipx inject to include all SEMCL.ONE tools
  • Isolated environment prevents dependency conflicts
  • All tools are accessible as both libraries and CLI commands
  • Updated MCP configuration examples for pip and pipx
  • Documentation for included tools: osslili, binarysniffer, src2purl, purl2notices, ospac, vulnq, upmex

Migration Example

Before v1.4.0

scan_result = scan_directory(path)
notice = generate_mobile_legal_summary(project_name, licenses)

After v1.4.0

result = run_compliance_check(path, distribution_type="mobile")
# Automatically generates NOTICE.txt and sbom.json
# Returns APPROVED/REJECTED decision

Alternative: manual workflow

scan_result = scan_directory(path, identify_packages=True)
purls = [pkg["purl"] for pkg in scan_result["packages"]]
generate_legal_notices(purls, output_file="NOTICE.txt")

See https://github.com/SemClone/mcp-semclone/blob/main/CHANGELOG.md for complete details.