Changelog

1.3.3 2026-02-02
Changed
  • Project Structure Migration - Consolidated scattered cache directories into `.code-scalpel/cache/`.
  • verify.sh Step Numbering - Fixed inconsistent step numbering (now consistent 1/11 through 11/11).
  • verify.sh Header Documentation - Added comprehensive header with purpose, runtime, and usage.
Added
  • Version Sync Check - Pre-check in `verify.sh` detects version mismatches.
  • verify.sh Improvements - Added `--skip-build` flag to skip expensive build check.
  • New scripts: `scripts/verify_version_sync.sh` and `scripts/migrate_project_structure.sh`.
  • Documentation - New `docs/PIPELINE.md` and `tests/README.md`.
  • Troubleshooting - Added detect-secrets and version sync guides to `docs/DEVELOPMENT.md`.
Fixed
  • Version mismatch between `pyproject.toml` (1.3.2) and `__init__.py` (was 1.3.0).
1.3.2 2026-02-02
Changed
  • Security Hardening - Added 40+ `.gitignore` patterns blocking API tokens and credentials.
Added
  • detect-secrets - Integration with `.secrets.baseline` and pre-commit hook.
  • .gitignore Security - Sections for API tokens, vaults, and CI/CD artifacts.
Fixed
  • Redacted exact JWT file paths and vault key names from `docs/GITHUB_SECRETS.md`.
  • Removed broken license examples from documentation.
1.3.1 2026-02-01
Changed
  • Black/Ruff Path Alignment - Fixed `verify_local.sh` to check only `src/` and `tests/`.
  • Pre-commit Hook Speed - Switched to `verify_local.sh` for sub-minute feedback.
Added
  • Documentation Validation - Added validation steps to `verify.sh`.
  • Optional Security Checks - Added Bandit and pip-audit warnings to `verify_local.sh`.
1.3.0 2026-02-01
Added
  • Oracle Resilience Middleware - Automatic error recovery for AI agents.
    • Symbol fuzzy matching with Levenshtein distance
    • Path resolution with suggestions
    • Stage 2 error enhancement
  • Float Support - Symbolic execution now supports floating-point operations via Z3.
  • Enhanced Error Messages - All tools provide actionable suggestions.
Changed
  • Improved confidence scoring in security analysis.
  • Better TypeScript/TSX parsing for React components.
  • Faster cross-file dependency resolution.
Fixed
  • Line number calculation in multi-file extractions.
  • Memory leak in long-running security scans.
  • Timeout handling in large project analysis.
1.2.0 2026-01-15
Added
  • Type Evaporation Scanner - Detect TypeScript type safety issues at boundaries.
  • Graph Query Language (Enterprise) - Custom graph traversal queries.
  • Semantic Neighbors (Pro) - Find related code by similarity.
  • Batch Operations for multi-file processing.
Changed
  • Upgraded taint analysis engine.
  • Improved Mermaid diagram generation.
  • Reduced memory usage by 40%.
Fixed
  • False positives in SSRF detection.
  • JSX fragment handling in extraction.
  • Call graph cycles causing infinite loops.
1.1.0 2026-01-01
Added
  • Cross-File Security Scan - Track taint flow across modules.
  • Dependency Vulnerability Scanning (OSV).
  • Policy Integrity Verification.
  • Progress Reporting.
Changed
  • Tier limits now in `limits.toml`.
  • Better handling of minified JS.
Fixed
  • Unicode handling.
  • Path normalization on Windows.
1.0.0 2025-12-15
Initial Release
  • 22 MCP Tools including `analyze_code`, `extract_code`, `security_scan`.
  • Full Python support.