1.5.4

@oscarvalenzuelab oscarvalenzuelab released this 13 Nov 21:27
· 41 commits to main since this release
2f29d7b

What's Changed in v1.5.4

Server Instructions: Prevent External Tool Installation

Added a prominent warning to the server instructions to prevent LLMs from installing external compliance tools:

  • Added "IMPORTANT - ALL TOOLS ARE BUILT-IN" section at the top of server instructions
  • Explicitly warns against installing: npm license-checker, scancode-toolkit, ngx, fossil, etc.
  • Clarifies that all necessary tools (purl2notices, ossnotices, osslili, ospac, vulnq) are pre-installed
  • Directs LLMs to use MCP-provided tools instead of trying to install external packages

Why this matters:

  • Prevents LLMs from wasting time trying to install tools that are already available
  • Avoids confusion about which tools to use (use MCP tools, not external CLIs)
  • Reduces the risk of LLMs using outdated or incorrect external tools
  • Ensures consistent compliance scanning using the SEMCL.ONE toolchain

User Impact:

  • Faster response times (no unnecessary tool installation attempts)
  • More reliable results (always uses the correct, pre-installed tools)
  • Clearer guidance for LLMs on how to perform compliance tasks