Skip to main content

Changelog

Auto-generated

This changelog is auto-generated from git commit history. Updated on every commit.

April 4, 2026​

  • Feature: Documentation Bible β€” Phase 1 + Phase 2 complete (Docusaurus site, auto-generation scripts, Mermaid diagrams, search)
  • Fix: Validator H8/H16 file upload false-positive + agent-validator sync
  • Fix: 3 scanner FP/FN fixes from R20 regression analysis
  • Fix: Remove dead rate_limit 404 auto-reject from findingValidator
  • Fix: 3 scanner TP fixes β€” CMDi path params, SQLi discovery timeout, rate-limit validator
  • Fix: Expand TRANSACTIONAL_ENDPOINT_RE with e-commerce patterns
  • Fix: 4 validated FP/FN fixes β€” nosql auto-pass, race pre-filter, SSRF video, BOLA redirect

April 3, 2026​

  • Fix: Comprehensive migration table audit β€” 3 gaps fixed + local verified
  • Feature: Phase 0 review gate β€” drill-down detail panels
  • Feature: Delta scan baseline selection in assessment wizard
  • Test: findingValidator + chainReplayEngine test suites
  • Feature: Wire MITRE ATT&CK/OWASP LLM to findings API + LLM budget signals
  • Feature: Chain Rule 13 + 2 agent stubs + expand shadow AI to 21 domains
  • Feature: Delta scanning β€” changed endpoints only
  • Feature: Register 5 new agents + fix migration registration
  • Feature: Shadow AI detection β€” auto-catalog discovered AI services
  • Feature: Scan timing + circuit breakers + multi-auth UX + remediation quality
  • Feature: promptInjectionAgent β€” LLM endpoint security testing
  • Feature: AI Security module backend + frontend wiring
  • Feature: 3 new agents β€” LLM API security, serverless, dependency confusion
  • Feature: Real OSINT automation β€” crt.sh + DNS + Wayback + AI service detection
  • Feature: tw scan CLI tool
  • Feature: ID format IDOR detection + OWASP LLM + MITRE ATT&CK mapping
  • Feature: Expand chain replay rules 5 to 12
  • Feature: GitHub Action + webhook retry (CI/CD)
  • Fix: Sector-aware budget boost was dead code for financial targets
  • Fix: race_double_submit + ldap_injection auto-reject heuristics
  • Fix: R15 FP fixes β€” APP_WIDE dedup + validator auto-reject heuristics
  • Fix: 6 structural detection gaps exposed by R14 false-negative analysis
  • Fix: 4 structural FP detection bugs exposed by R14 post-mortem
  • Feature: Cross-user stored XSS + JWT to SSRF chain replay
  • Feature: Close 25/27 GT detection gaps β€” B1/B2/B3/B4 fixes across 16 files
  • Fix: 5 systemic detection fixes β€” auth propagation, cookie security, IDOR query-param, JWT alg:none, SSRF URL-param priority
  • Fix: api_login SSRF policy blocked localhost scan targets β€” Round 11 fix

April 2, 2026​

  • Fix: Round 10 β€” auth profiles, NoSQL bcrypt bypass, LDAP FP, broadNoSQL resilience
  • Fix: Round 9 β€” 3 universal detection fixes
  • Security: Fix 4 critical audit issues from DVAPI v7 security review
  • Fix: 3 universal detection gaps β€” SSRF FP, Swagger discovery, NoSQL auth

April 1, 2026​

  • Security: Fix 3 audit findings β€” credential redaction, SSRF, JSON escape
  • Feature: Phase C/D β€” bootstrap orchestrator, matrix gating, learned context, crash recovery
  • Fix: Resolve all 16 Phase 0 audit bugs (B1-B16)
  • Fix: Phase0ReviewGate now shows real Phase 0 intelligence data
  • Fix: Zero findings β€” api_login auth missing in runAgent + wire Phase 0 Q&A to blackboard
  • Feature: Phase 0 interactive bootstrap questions + crash recovery
  • Feature: Phase 0 message history replay + interactive question + terminal persistence
  • Feature: Enterprise-level Credentials Vault UI β€” search, filter, sort, stats
  • Feature: Credentials Vault full overhaul + auth profile CRUD + CredentialPicker dual-source
  • Feature: Gap 1/2/3 β€” api_login auth type, Credentials Vault, Test Connection button
  • Feature: Unified scan terminal β€” Phase 0 + Phase 1-5 in one view
  • Feature: Complete Phase 0 plan β€” dep graph, UX polish, wizard, mobile, encryption

March 2026​

  • Feature: Per-Tenant Entitlements + SSO Resolution + License Enforcement (Mar 27)
  • Fix: Multi-Tenant Isolation Audit β€” 20 gaps fixed (Mar 26)
  • Feature: AppSec Scanner Context Bridge + crAPI Benchmark (Mar 25)
  • Fix: Scan Consistency Fix + Assessment Wizard Overhaul (Mar 24)
  • Feature: UAT Deployment on Render + Licensing + Scanner FP Reduction (Mar 22-23)
  • Feature: Comprehensive Security Audit + Fail-Closed Architecture (Mar 16)
  • Feature: AppSec Scanner Gap Fixes G-01 through G-19 β€” 94.2% TP rate (Mar 15)
  • Feature: AppSec/Pentest Scanner Module β€” 43 agents, 6-tab UX, 3-step wizard (Mar 8-14)
  • Security: SAST/SCA/API Security Audit β€” 30 findings, 14 fixes (Mar 5)
  • Security: Full Penetration Test β€” 16 findings all resolved (Mar 2)

February 2026​

  • Feature: VFP (Vulnerability Fix Planner) Phases 0-10 β€” 11 phases, 8 entities
  • Feature: AI v3.0 + Multi-Dashboard System β€” 12 AI services, 50+ widget types
  • Feature: Streaming Sync Engine β€” SSE endpoint, Redis locking, Tenable Export API V2

January 2026​

  • Feature: Initial platform build β€” authentication, asset sync, vulnerability dashboard

Auto-generated from git history on 2026-04-04. 1,172 total commits.