v0.40.0

@zr9959 released this 25 May 12:54
· 36 commits to main since this release
5a05fca

Highlights

  • Groups hosted Check Run output by launch-risk area: auth/session, billing/entitlement, tenant data, deploy/permissions, API contract, and tests/silent success.
  • Adds machine-readable hosted PR smoke evidence with cleanup status through scripts/hosted-pr-smoke.mjs --evidence-file.
  • Clarifies when to use Local CLI, GitHub Action, or Hosted GitHub App in both English and Chinese README files.
  • Documents the next hosted source-checkout worker boundary without claiming a full hosted scanner.

Verification

  • npm test
  • npm audit --audit-level=high --registry=https://registry.npmjs.org
  • npm pack --dry-run --json
  • uvx zizmor --offline .github/workflows
  • go run github.com/rhysd/actionlint/cmd/actionlint@latest
  • CLI JSON, SARIF, and pr-risk smoke
  • npx wrangler deploy --dry-run and npx wrangler deploy
  • live /healthz and /github/app/install-info verification
  • real hosted PR smoke: PR #85, Check Run 77714061842, cleanup remainingSmokeKeys: 0