v0.2.9

0.2.9 (2026-06-18)

Features

• assets: ✨ implement asset download size and timeout limits (71a187d)
• crosswalk: ✨ add required controls compliance gate (a3416ed)
• crosswalk: ✨ enhance control mapping and payload resolution for required controls (dae2015)
• docs: ✨ add required_controls and findings-required-count to action inputs (71a187d)
• upload: ✨ enforce upload size limit for files (71a187d)

Code Refactoring

• policy: ♻️ confine agent-supplied paths to workspace for security (71a187d)

v0.2.8

0.2.8 (2026-06-17)

Features

• scanners: ✨ add attachSourceSnippets function to enhance concern code snippets (d650299)

Code Refactoring

• docs: ♻️ remove section numbers from comments and documentation (54490d0)

v0.2.7

0.2.7 (2026-06-17)

Features

• terraform: ✨ enhance scanner output with code snippets and documentation links (8212444)

v0.2.6

0.2.6 (2026-06-17)

Features

• cloudReport: ✨ add cyberEssentialsScore function and related tests (a2c704e)

v0.2.5

0.2.5 (2026-06-17)

Bug Fixes

• cloudReport: 🐛 improve logging for skipped cloud report due to missing concerns or credentials (5e37021)

v0.2.4

0.2.4 (2026-06-17)

Bug Fixes

• cloudReport: 🐛 improve error handling and logging in reportToCloud function (d03d2a0)

v0.2.3

0.2.3 (2026-06-16)

Features

• main: ✨ prefer run-context-resolved credential for cloud API token (96ac5e2)

Documentation

• ✨ add new findings count and gate to action inputs (2422c84)

v0.2.2

0.2.2 (2026-06-16)

Features

• ✨ suppress findings via #terramend:ignore + policy file (7c209bb)
• cloudReport: ✨ add support for reporting findings to Terramend Cloud (57fec3e)
• config: ✨ accept .terramend.json repo config (f3e458f)
• dashboard: ✨ per-repo Remediation Dashboard issue (55ab0a2)
• grouping: ✨ repo-wide default remediation grouping strategy (5acf884)
• guardrails: ✨ cap open + hourly remediation PRs across runs (1c58e31)
• risk: ✨ implement risk scoring and top risks functionality (d73857e)
• staleFix: ✨ flag long-rotting remediation PRs as zombies (2584fc3)

Bug Fixes

• cloudReport: 🐛 update OIDC audience for cloud reporting (0bf834a)

Code Refactoring

• ♻️ one CVSS-anchored severity model (2b-v) (cb6b41a)

Documentation

• 📝 regenerate action-inputs for §2a inputs (7946819)
• 🗑️ slim hand-written docs to stubs linking to the docs site (69c7bd5)
• configuration: 🗑️ move §2a config docs to the canonical site (9678af2)
• examples: 📝 reference the published action, not a placeholder (ea448d5)
• scheduling: 📝 scheduled off-peak remediation recipe + flood control (08f1c31)

v0.2.1

0.2.1 (2026-06-14)

Bug Fixes

• biome: ✨ update schema version to 2.5.0 and fix linter rule format (4e34999)
• moduleFetch: ✨ add case-insensitive duplicate check for GitHub hosts (3326887)
• release-please: ✨ update changelog sections to reveal hidden types (8466769)
• tests: ✨ add line-independent concern key verification and partitioning logic (bed5cee)

Miscellaneous

• ✨ update project dependencies (ed64bca)
• assessment: ✨ add read-only Terraform assessment tool and related tests (0c86818)
• assessment: ✨ enhance tool selection transparency in TerraformAssessTool (d323fb6)
• docs: ✨ upgrade SARIF upload action to v4 in configuration examples (8995c42)
• evidence: ✨ implement backend-free compliance evidence bundle generation (58d4750)
• terraform: ✨ implement unified tool selection and licensing gate (934abc5)
• tests: ✨ add tests for .terramend.yml configuration loading and parsing (69da985)

v0.2.0

0.2.0 (2026-06-12)

Features

• ✨ review FP filtering, eval harness, and SARIF/findings outputs (0c6948a)

Bug Fixes

• general improvements to the code structure + Integrating Claude 5 Fable as default model (a4826eb)
• refactor tests and improve TypeScript strictness with new features (#9) (85943c1)
• release: ✨ add npm publish step to release workflow (ec51834)
• shell: 🐛 improve command rejection logic for git invocations (027e4d2)
• terraform: 🐛 add timeout for subprocess invocations (027e4d2)