v1.8.1

1.8.1 (2026-06-17)

Bug Fixes

• eval: deterministic self-contained eval runners + sharpened java held-out corpus (257b77d)
• eval: make eval runners self-contained for deterministic headless scoring (#72) (aa57158), closes #71

v1.8.0

1.8.0 (2026-06-16)

Features

• eval: eval-run shortcut + runner label injection, calibrated baselines, full eval docs (#15) (bbe0343)
• eval: scripts/eval-run wrapper (auto-selects runner) + docs (#15) (#63) (b4551d9)

Bug Fixes

• eval: runner label injection + measured baselines for rust/shell/yaml/swift (#15) (#67) (272f773)

v1.7.0

1.7.0 (2026-06-16)

Features

• eval: loop-closing harness + completeness critic (#15 Phase 2) (#52) (79592da)
• eval: self-improving eval harness — loop-closing runner, ±2-tolerance grader, completeness critic (#15) (f3685fe)

Bug Fixes

• eval: ±2 line-tolerance grader + working runners (#15) (#54) (3d60c6d)

v1.6.1

1.6.1 (2026-06-15)

Bug Fixes

• defect-scan: gitleaks signal/noise — git-mode + value-level baseline (79446f4)
• defect-scan: gitleaks signal/noise — git-mode + value-level baseline (#20) (#49) (0304490)

v1.6.0

1.6.0 (2026-06-15)

Features

• defect-scan: add Codex plugin manifest (display name 'Defect Scan') + sync guards (#46) (3f10ab7)
• defect-scan: Codex plugin display name + deepened dart/Flutter profile (cd26647)
• defect-scan: deepen dart/Flutter profile + README language table (#44) (b959340)

v1.5.0

1.5.0 (2026-06-15)

Features

• defect-scan: add kotlin and swift profiles (mobile) (#39) (bef67e5)
• defect-scan: add php profile (PHPStan + Psalm taint + composer audit) (#40) (ad86c19)
• defect-scan: add rust profile (clippy + cargo-audit + cargo-deny) (#38) (c19b40b)
• defect-scan: add yaml profile (yamllint + actionlint/zizmor/kube-linter) (#37) (19c6431)
• defect-scan: add yaml, rust, kotlin, swift, php, and shell profiles (d99d84e)
• defect-scan: promote shell to a first-class profile (shellcheck) (#41) (19f23e0)

v1.4.0

1.4.0 (2026-06-15)

Features

• defect-scan: add csharp/.NET profile (Roslyn CAxxxx + Security Code Scan + roslynator) (#27) (4a1075b)
• defect-scan: add go profile (go vet + staticcheck + golangci-lint + govulncheck) (#25) (be0c34b)
• defect-scan: add go, csharp, and java language profiles (daaddf3)
• defect-scan: add java profile (Error Prone + SpotBugs/find-sec-bugs + PMD + dependency-check) (#34) (8c7df7c)

v1.3.0

1.3.0 (2026-06-15)

Features

• defect-scan: --cross-model — second-opinion verification via Codex (refs #7) (#17) (a240b74)
• defect-scan: add ruby profile (RuboCop + Brakeman + bundler-audit) (#22) (8d09323)
• defect-scan: Codex entrypoint — run the same scan under Codex (refs #7) (#13) (1a238f5)
• defect-scan: Codex support, cross-platform/Windows, eval harness, cross-model, react-ts + ruby profiles (295d7bb)
• defect-scan: cross-platform hardening — BSD/GNU audit, preflight, Windows fallback (#14) (36a113f)
• defect-scan: enrich react-typescript profile with researched defect classes (#18) (6c7fe78)
• defect-scan: per-language eval harness — measured, safe self-improvement (refs #15) (#16) (86bcadd)

v1.2.0

1.2.0 (2026-06-15)

Features

• defect-scan: --file-issues — file deduped, labeled tracker issues from findings (#6) (4791805)
• defect-scan: --file-issues, scope-resolution fix, Dart profile, extensible profiles + public-readiness hardening (83ebd16)
• defect-scan: 3-layer profile discovery (cmd_profiles) (518659f)
• defect-scan: add Dart/Flutter profile + include .dart in triage source-filter (2e70008)
• defect-scan: add frontmatter to built-in profiles (f374cb2)
• defect-scan: add P10 — security response headers (CSP & friends) (9a0ae0d)
• defect-scan: data-driven cmd_stacks (profile frontmatter) (ebd159c)
• defect-scan: data-driven triage source-filter (profile extensions) (1ebb364)
• defect-scan: field-by-field shadow-merge (fm_field) (7682987)
• defect-scan: frontmatter-lite reader (fm_get) + skill_dir (7c6f07d)
• defect-scan: pattern-pack discovery (cmd_patterns) (1777b46)
• defect-scan: SKILL.md orchestration for layered profiles + origin gating (159dad8)

Bug Fixes

• defect-scan: guard fm_field calls in cmd_stacks so extensions-only profiles detect (1401728)
• defect-scan: resolve scan scope on clean/merge-HEAD trees; never dead-end silently (#5) (22176cf)