Releases: srbsa/diffgate

v0.7.7

@github-actions github-actions released this 02 Jul 19:46

Full Changelog: v0.7.6...v0.7.7

v0.7.6

@github-actions github-actions released this 02 Jul 19:33
v0.7.6 — distribution plumbing

v0.7.5

@github-actions github-actions released this 02 Jul 13:07
release: 0.7.5, republish with updated README after 0.7.4 publish

v0.7.4

@github-actions github-actions released this 02 Jul 12:57
feat: git history audit, gate hardening, and 0.7.4 rule coverage

Squash of feat/check-history-scan (7 commits):

- diffgate check can audit git history per-commit: --since/--range/--author/
  --ai-authored/<sha>, --limit. Report-only, sourced from git objects (no
  checkout/mutation), honors --json/--fail-on.
- diffgate check accepts space-separated flag values (--range A..B), not just
  --flag=value.
- Silent-failure sweep: the gate path can no longer exit 0 on a failure to run
  (non-git dir, unresolvable --base/--range, invalid --fail-on all now exit 2);
  --json/--sarif/--github now carry the real gate exit code.
- dangerous-exec (JS/TS) no longer flags RegExp.prototype.exec(); path-traversal
  (JS/TS) is guard-aware (path.basename wrapper, startsWith containment check).
- permissive-cors extended to all 8 AST-precision languages (was JS/Python/PHP):
  Go, Ruby, Java, C#, Kotlin, covering both wildcard/allow-all configs and
  reflected-Origin writes; explicit allowlists are not flagged.
- hardcoded-secret recognizes AI-era provider key formats (Anthropic, OpenAI,
  Hugging Face, GitLab, npm), kept in sync between the rule and classifySecret.
- research/ (internal experiment scripts) untracked and gitignored — not part
  of the shipped tool.

769 tests green, typecheck clean, extension smoke passing.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
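
The v0.7.4 notes separate three CORS shapes: wildcard/allow-all, reflected-Origin writes, and explicit allowlists (not flagged). The following is an added example, not diffgate code, that probes each shape with an origin outside the allowlist; the function names and the `example.test` origins are constructed for illustration.

```javascript
// Constructed allowlist; the origins are placeholders.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.test",
  "https://admin.example.test",
]);

// Wildcard / allow-all: any site may read the response.
function wildcardCors(_origin) {
  return { "Access-Control-Allow-Origin": "*" };
}

// Reflected Origin: echoes whatever the request sent. Combined with
// credentials, any site can read authenticated responses.
function reflectedCors(origin) {
  if (!origin) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    Vary: "Origin",
  };
}

// Explicit allowlist: exact-match lookup, no CORS headers for unknown origins.
function allowlistCors(origin) {
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    Vary: "Origin",
  };
}

// Probe a policy with an origin that is not allowlisted and report the grant.
function auditPolicy(policy) {
  const probe = "https://untrusted.example.test";
  const headers = policy(probe);
  const acao = headers["Access-Control-Allow-Origin"];
  const grantsUnknownOrigin = acao === "*" || acao === probe;
  // Browsers reject "*" together with credentials, so only an echoed
  // origin can expose credentialed responses.
  const withCredentials =
    grantsUnknownOrigin &&
    acao !== "*" &&
    headers["Access-Control-Allow-Credentials"] === "true";
  return { grantsUnknownOrigin, withCredentials };
}
```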

v0.7.3

@github-actions github-actions released this 30 Jun 08:30
chore: add .env.example for marginal/AI provider runs

Documents the provider API-key env vars (read via the LLM registry, not
inline process.env) and the custom-endpoint overrides for `diffgate marginal`.
.gitignore gains `!.env.example` so the template is trackable while `.env`/`.env.*`
stay ignored. The deterministic engine needs none of these.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

v0.7.2

@github-actions github-actions released this 30 Jun 04:34
chore: readme & security docs

v0.6.1

@github-actions github-actions released this 28 Jun 17:21
fix(vscode): dismiss/confirm false positives from the editor (0.6.1)

Patch on the released 0.6.0. The editor half of `diffgate feedback`: a
false positive can now be suppressed without leaving VS Code — via ⌘. /
Ctrl+. ("Dismiss as noise"), a hover-card link, or a one-click button in
the Deep Review inspector after a "likely safe" verdict — and "Confirm as
a real risk" records the opposite verdict for the `diffgate stats` signal
ratio. Both write the same committed `.diffgate/learnings.json` (hash of
the flagged snippet), so dismissals are team-shared via git and applied
in CI, with no inline `// disable` comments.

Closes a real bug surfaced while building it: the live-editor analysis
path (`analyzeText`) silently ignored learnings.json — only the git-diff
sidebar path applied it — so a CLI dismissal vanished from the sidebar
but reappeared in the gutter on open/edit. analyzeText now applies the
verdicts the same way reviewChanges does.

Bug-bash hardening:
- Cache merged learnings per folder (analysis runs per keystroke); the
  prior change re-read disk on every edit. Invalidated on a recorded
  verdict, an external learnings.json change, and config changes that
  could alter learnings.shared.
- Refuse an empty flagged snippet (would hash to a constant and suppress
  every empty-line finding of the rule), mirroring the CLI guard.
- Invalidate the cache before re-analysis so a dismissal takes effect
  immediately.

Tests: new smoke scenario drives dismiss/confirm/cancel/no-op against a
real learnings.json. 481 core + extension smoke + root/ext typecheck green.

Docs: new CHANGELOG [0.6.1] section (0.6.0 left intact as released),
extension README, docs/TEAM.md. Version bumped to 0.6.1 in root + extension
manifests and both package-lock self-version fields (pre-existingly out of
sync: root lock 0.7.0, ext lock 0.1.2 — now 0.6.1).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
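
The 0.6.1 notes describe dismissals keyed by a hash of the flagged snippet and a guard that refuses an empty snippet. The following is an added example, not diffgate's implementation, showing why that guard matters; the key format, the whitespace trimming, the function names and the sample findings are all assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Hypothetical key format: "<ruleId>:<sha256 of the trimmed snippet>".
function learningKey(ruleId, snippet) {
  const text = String(snippet).trim();
  if (text === "") {
    // Every blank snippet hashes to the same value, so one dismissal would
    // silence the rule on every empty-line finding.
    throw new Error("refusing to record a verdict for an empty snippet");
  }
  const digest = crypto.createHash("sha256").update(text, "utf8").digest("hex");
  return `${ruleId}:${digest}`;
}

// Record "noise" (dismiss) or "risk" (confirm) in the in-memory store.
function recordVerdict(learnings, ruleId, snippet, verdict) {
  if (verdict !== "noise" && verdict !== "risk") {
    throw new Error(`unknown verdict: ${verdict}`);
  }
  learnings[learningKey(ruleId, snippet)] = verdict;
  return learnings;
}

// Drop findings dismissed as noise. Findings with a blank snippet are never
// matched against the store, so they always stay visible.
function applyLearnings(findings, learnings) {
  return findings.filter((f) => {
    if (String(f.snippet).trim() === "") return true;
    return learnings[learningKey(f.ruleId, f.snippet)] !== "noise";
  });
}

// Constructed sample findings, not real diffgate output.
const SAMPLE_FINDINGS = [
  { ruleId: "dangerous-exec", line: 12, snippet: "exec(userInput)" },
  { ruleId: "dangerous-exec", line: 40, snippet: "  exec(userInput)  " },
  { ruleId: "dangerous-exec", line: 58, snippet: "exec(cmd + arg)" },
  { ruleId: "dangerous-exec", line: 73, snippet: "" },
];

// Dismiss one snippet and return the line numbers that remain reported.
function demo() {
  const learnings = Object.create(null);
  recordVerdict(learnings, "dangerous-exec", "exec(userInput)", "noise");
  return applyLearnings(SAMPLE_FINDINGS, learnings).map((f) => f.line);
}
```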

v0.6.0

@github-actions github-actions released this 28 Jun 13:52
docs(parity): refresh stale parity tables — Python at 4 AST classes, …

v0.5.2

@github-actions github-actions released this 26 Jun 09:19
Merge branch 'fix/openai-gpt5-params' (v0.5.2)

OpenAI GPT-5/o-series model fix + four VS Code plugin fixes:
- Lingering package.json/manifest findings (FILE rules bypassed diff gate)
- Multi-repo workspaces only showing 1 repo (bounded discovery + grouped tree)
- Redundant cache-folder reads (centralized ignore policy with framework caches)
- Misc: .diffgate.json watcher in node_modules, MAX_BYTES UTF-16 vs bytes

v0.5.1

@github-actions github-actions released this 24 Jun 09:49
Release v0.5.1