agent-bom v0.76.4

What's Changed

• Tighten README and dashboard onboarding by @msaad00 in #1333
• Tighten operator UI and trace review by @msaad00 in #1334
• Focus operator graph views by @msaad00 in #1335
• Tighten README visuals and simplify primary navigation by @msaad00 in #1336
• chore(deps-dev): bump @types/node from 25.5.2 to 25.6.0 in /sdks/typescript by @dependabot[bot] in #1340
• chore(deps-dev): bump vitest from 4.1.3 to 4.1.4 in /ui by @dependabot[bot] in #1339
• chore(deps-dev): bump @types/node from 25.5.2 to 25.6.0 in /ui by @dependabot[bot] in #1338
• chore(deps): bump actions/github-script from 8.0.0 to 9.0.0 by @dependabot[bot] in #1337
• Fix local vulnerability enrichment and UI lint baseline by @msaad00 in #1341
• Refresh MITRE catalogs with bundled default sync by @msaad00 in #1342
• Tighten README graph and architecture SVGs by @msaad00 in #1343
• Improve validator-aware AST guard modeling by @msaad00 in #1344
• Expand notebook credential detection by @msaad00 in #1345
• Tighten README architecture card spacing by @msaad00 in #1346
• Improve sanitizer-aware early guard exits by @msaad00 in #1347
• Add Go template sink parity by @msaad00 in #1348
• Improve JS/TS validator guard modeling by @msaad00 in #1349
• Improve JS/TS early-exit validator guards by @msaad00 in #1350
• Improve JS/TS default-export flow parity by @msaad00 in #1351
• Refresh latest image and actionable rescan alerts by @msaad00 in #1352
• Model JS/TS validated return helpers by @msaad00 in #1353
• Fix dashboard summary loading and API hydration by @msaad00 in #1354
• Improve modular loading for mesh, context, and insights by @msaad00 in #1355
• Improve summary-first loading for dashboard and vulnerabilities by @msaad00 in #1356
• Polish README visuals and release surfaces by @msaad00 in #1357
• Harden Snowflake notebook and days SQL inputs by @msaad00 in #1358
• Make jobs summary-first by default by @msaad00 in #1359
• Decouple dashboard jobs and agents loading by @msaad00 in #1360
• Fix pushed result completion metadata by @msaad00 in #1361
• Polish 0.76.4 release surfaces and UI drilldowns by @msaad00 in #1362
• Fix release 0.76.4 build and summary alignment by @msaad00 in #1363
• Prepare 0.76.4 release by @msaad00 in #1364

Full Changelog: v0...v0.76.4

agent-bom v0.76.2

What's Changed

• fix: ingest Alpine secdb and prepare 0.76.2 by @msaad00 in #1332

Full Changelog: v0...v0.76.2

agent-bom v0.76.1

What's Changed

• [codex] align CLI output contracts by @msaad00 in #1321
• [codex] align graph and contributor extras by @msaad00 in #1322
• chore(deps): bump react from 19.2.4 to 19.2.5 in /ui by @dependabot[bot] in #1326
• chore(deps): bump react-dom from 19.2.4 to 19.2.5 in /ui by @dependabot[bot] in #1324
• [codex] align live MITRE STIX parsing by @msaad00 in #1323
• chore(deps): bump github/codeql-action from 4.32.4 to 4.35.1 by @dependabot[bot] in #1325
• chore(deps): bump lucide-react from 1.7.0 to 1.8.0 in /ui by @dependabot[bot] in #1327
• chore(deps-dev): bump eslint-config-next from 16.2.2 to 16.2.3 in /ui by @dependabot[bot] in #1328
• chore(deps): bump next from 16.2.2 to 16.2.3 in /ui by @dependabot[bot] in #1329
• [codex] harden Docker Hub release workflow by @msaad00 in #1330
• [codex] prepare 0.76.1 release by @msaad00 in #1331

Full Changelog: v0...v0.76.1

v0.76.0

What's Changed

• feat(api): polish distributed tracing headers by @msaad00 in #1246
• feat(ci): guard JS supply chain surfaces by @msaad00 in #1248
• chore(deps-dev): bump @types/node from 25.5.0 to 25.5.2 in /sdks/typescript by @dependabot[bot] in #1249
• chore(deps-dev): bump typescript from 5.9.3 to 6.0.2 in /sdks/typescript by @dependabot[bot] in #1250
• feat(skills): resolve JS import aliases in code analysis by @msaad00 in #1251
• feat(api): expose tracing health and baggage by @msaad00 in #1252
• feat(scan): surface project lockfile inventory by @msaad00 in #1253
• feat(scan): expose model supply-chain coverage by @msaad00 in #1254
• feat(scan): surface model bundle lineage by @msaad00 in #1255
• feat(api): make ClickHouse analytics a first-class backend by @msaad00 in #1256
• feat(scan): surface advisory depth for project inventory by @msaad00 in #1257
• feat(verify): add model weight verification CLI by @msaad00 in #1258
• feat(report): diff external sboms against scans by @msaad00 in #1259
• feat(scan): expose advisory source attribution by @msaad00 in #1260
• docs(enterprise): map claims to controls and community paths by @msaad00 in #1261
• docs(community): publish Discord support link by @msaad00 in #1262
• docs(demo): refresh storefront hero surfaces by @msaad00 in #1265
• feat(clickhouse): persist API scan analytics by @msaad00 in #1266
• chore(deps): bump vite from 8.0.1 to 8.0.5 in /ui by @dependabot[bot] in #1270
• chore: weekly uv.lock upgrade 2026-04-06 by @github-actions[bot] in #1267
• chore: sync MCP registry — 0 new, 0 from toolhive, 9 versions, 0 CVE-enriched by @github-actions[bot] in #1269
• ci: sign automation update commits by @msaad00 in #1271
• feat(clickhouse): add fleet compliance and audit analytics by @msaad00 in #1272
• docs: sharpen release surfaces and graph focus by @msaad00 in #1273
• fix(docs): remove stray readme conflict marker by @msaad00 in #1275
• feat(cli): add standalone remediate command by @msaad00 in #1276
• refactor(cli): extract shared scan runner from remediate by @msaad00 in #1278
• feat(graph): collapse CVEs behind package summaries by @msaad00 in #1279
• chore(deps-dev): bump jsdom from 29.0.1 to 29.0.2 in /ui by @dependabot[bot] in #1280
• [codex] add js ts ast fallback analysis by @msaad00 in #1282
• feat(graph): unified OCSF-aligned graph schema with persistence by @msaad00 in #1283
• feat(graph): unified OCSF-aligned graph schema, pipeline wiring, query endpoints by @msaad00 in #1284
• [codex] fix CI Railway health probes for deployment drift checks by @msaad00 in #1285
• feat(graph): full inventory builder + Wave 1 enhancements by @msaad00 in #1286
• feat: advance AST and SAST analysis paths by @msaad00 in #1287
• feat(graph): Wave 1 — reverse queries, impact, search, runtime edges, full entity model by @msaad00 in #1288
• feat(graph): Wave 2-3 — pagination, RBAC, presets, webhooks, OCSF enrichment by @msaad00 in #1289
• feat: deepen AST taint and control-flow analysis by @msaad00 in #1290
• chore(deps-dev): bump vitest from 4.1.2 to 4.1.3 in /ui by @dependabot[bot] in #1291
• chore(deps): bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 by @dependabot[bot] in #1292
• harden unified graph snapshot persistence and report ingestion by @msaad00 in #1293
• fix concurrent scanner state and scan cache access by @msaad00 in #1294
• feat(graph): move graph page onto unified graph api by @msaad00 in #1295
• feat(graph): add server-backed explorer controls by @msaad00 in #1296
• feat(graph): add attack-path drilldown and unify security route by @msaad00 in #1297
• chore: tighten release claims and bump cryptography by @msaad00 in #1298
• feat(graph): add postgres graph store backend by @msaad00 in #1299
• feat(graph): deliver delta alerts and tighten claims by @msaad00 in #1300
• perf: speed graph search and harden security coverage by @msaad00 in #1301
• feat: deepen AST and SAST analysis by @msaad00 in #1302
• feat: deepen Go AST and custom SAST workflows by @msaad00 in #1303
• feat: expand first-party AST security heuristics by @msaad00 in #1304
• fix: harden graph delta delivery and path semantics by @msaad00 in #1305
• feat: deepen AST cross-file and flow heuristics by @msaad00 in #1306
• feat: deepen JS/TS AST interprocedural analysis by @msaad00 in #1307
• feat: add JS/TS taint-aware interprocedural flows by @msaad00 in #1309
• feat: add Go AST cross-file taint analysis by @msaad00 in #1310
• fix: harden CodeQL SARIF upload path by @msaad00 in #1311
• docs: align README with current product path by @msaad00 in #1312
• feat: add per-layer CVE attribution for container images by @msaad00 in #1315
• feat: add PDF export for scan reports by @msaad00 in #1316
• polish: tighten README visuals and demo scan output by @msaad00 in #1317
• release: prepare 0.76.0 by @msaad00 in #1318
• fix: replace PDF renderer with built-in export by @msaad00 in #1319

Full Changelog: v0...v0.76.0

agent-bom v0.75.15

What's Changed

• feat(ci): add daily preventive security automation by @msaad00 in #1213
• chore(deps): bump next from 16.2.1 to 16.2.2 in /ui by @dependabot[bot] in #1218
• chore(deps-dev): bump @types/node from 25.5.0 to 25.5.2 in /ui by @dependabot[bot] in #1221
• fix(api): enforce tenant isolation on fleet and schedules by @msaad00 in #1222
• feat(helm): harden chart security defaults by @msaad00 in #1214
• chore(deps): bump docker/login-action from 4.0.0 to 4.1.0 by @dependabot[bot] in #1220
• chore(deps): bump astral-sh/setup-uv from 7.6.0 to 8.0.0 by @dependabot[bot] in #1215
• chore(deps-dev): bump eslint-config-next from 16.2.1 to 16.2.2 in /ui by @dependabot[bot] in #1216
• docs: align repo surfaces with 0.75.14 posture by @msaad00 in #1223
• fix(api): scope enterprise auth and exceptions by tenant by @msaad00 in #1224
• chore(deps-dev): bump vitest from 4.1.0 to 4.1.2 in /ui by @dependabot[bot] in #1217
• chore(deps-dev): bump eslint from 9.39.4 to 10.2.0 in /ui by @dependabot[bot] in #1219
• fix(ci): verify authenticated Railway freshness by @msaad00 in #1226
• fix(api): tighten RBAC and OIDC tenant scoping by @msaad00 in #1227
• docs: codify upgrade and release hygiene by @msaad00 in #1228
• feat(postgres): add first tenant RLS slice by @msaad00 in #1229
• feat(api): tenant-scope scan jobs by @msaad00 in #1230
• feat(api): persist enterprise stores in postgres by @msaad00 in #1231
• feat(api): scope gateway policies by tenant by @msaad00 in #1232
• feat(helm): add monitor readiness and metrics wiring by @msaad00 in #1233
• feat(api): persist audit and trend stores in postgres by @msaad00 in #1234
• feat(api): complete postgres tenant RLS coverage by @msaad00 in #1235
• feat/api shared rate limit by @msaad00 in #1236
• feat(helm): replace allow-all egress with explicit defaults by @msaad00 in #1238
• feat/skills batch scan by @msaad00 in #1237
• feat(skills): add versioned output schemas by @msaad00 in #1239
• feat(skills): add python AST risk detection by @msaad00 in #1240
• feat(skills): add JS/TS code-block risk analysis by @msaad00 in #1241
• feat(api): add request tracing and OTLP export by @msaad00 in #1242
• fix(action): pass through proxy and CA env vars by @msaad00 in #1243
• chore(release): prepare v0.75.15 by @msaad00 in #1244
• feat(helm): add monitor ingress and pdb support by @msaad00 in #1245

Full Changelog: v0...v0.75.15

agent-bom v0.75.14

What's Changed

• fix(mcp): shorten registry description for schema validation by @msaad00 in #1181
• docs(mcp): expand first-class client integration guides by @msaad00 in #1182
• chore: tighten audit-driven docs and config hygiene by @msaad00 in #1183
• feat(skills): deepen review verdicts and behavior analysis by @msaad00 in #1184
• fix: resolve remaining v0.75.13 audit findings by @msaad00 in #1185
• docs: clarify local UI traffic vs third-party network calls by @msaad00 in #1188
• feat(action): add skills scan mode and verdict gating by @msaad00 in #1187
• fix(action): keep skills mode off vuln-scan flags by @msaad00 in #1190
• docs: clean low-visibility hygiene stragglers by @msaad00 in #1191
• perf: improve scan latency and cache hit rate across enrichment by @msaad00 in #1192
• remediation: avoid prerelease fix suggestions by default by @msaad00 in #1193
• tests: eliminate leaked runtime coroutine warnings by @msaad00 in #1194
• scorecard: improve transient failure handling and coverage reporting by @msaad00 in #1195
• fix(ui): align scan result contract with backend payload by @msaad00 in #1196
• fix(scorecard): bound long-lived service caches by @msaad00 in #1197
• fix(mcp): harden tool path handling and error output by @msaad00 in #1198
• fix(api): fail closed on unauthenticated non-loopback binds by @msaad00 in #1199
• fix(action): harden argv handling and CI summaries by @msaad00 in #1200
• feat(mcp): add tool governance and metrics by @msaad00 in #1201
• feat(docker): add enterprise proxy and CA support by @msaad00 in #1202
• fix(action): harden execution contract and summaries by @msaad00 in #1203
• feat(mcp): require auth on remote transports by @msaad00 in #1204
• feat(docker): add snowpark proxy and ca support by @msaad00 in #1205
• fix(deploy): require railway bearer token for mcp startup by @msaad00 in #1207
• chore(deps): bump litellm from 1.82.6 to 1.83.0 by @dependabot[bot] in #1206
• fix(docker): build runtime image from source by @msaad00 in #1208
• fix(action): validate thresholds and sanitize comments by @msaad00 in #1209
• fix(mcp): govern sync tool execution by @msaad00 in #1210
• feat(mcp): add caller rate limits and request traces by @msaad00 in #1211
• chore(release): prepare v0.75.14 by @msaad00 in #1212

Full Changelog: v0...v0.75.14

v0.75.13

What's Changed

• fix(release): harden provenance bundle export by @msaad00 in #1157
• feat(cli): add operator summary and mesh view by @msaad00 in #1158
• feat(skills): add deterministic bundle identity by @msaad00 in #1164
• docs: clarify capabilities and deployment guidance by @msaad00 in #1167
• feat(remediation): add guided fix and verify commands by @msaad00 in #1159
• chore(deps): bump pygments from 2.19.2 to 2.20.0 by @dependabot[bot] in #1171
• chore: remove toolhive discovery surface by @msaad00 in #1173
• chore(deps): bump lucide-react from 0.577.0 to 1.7.0 in /ui by @dependabot[bot] in #1135
• chore(deps-dev): bump typescript from 5.9.3 to 6.0.2 in /ui by @dependabot[bot] in #1137
• chore: weekly uv.lock upgrade 2026-03-30 by @github-actions[bot] in #1169
• docs(mcp): deepen Claude and Cortex integration guides by @msaad00 in #1174
• docs: add canonical product brief and metrics by @msaad00 in #1175
• fix(scan): fail closed offline and surface incomplete results by @msaad00 in #1176
• fix(cli): sharpen sarif defaults and first-run guidance by @msaad00 in #1177
• fix: tighten release-facing CLI trust surfaces by @msaad00 in #1178
• release: prepare v0.75.13 by @msaad00 in #1179

New Contributors

• @github-actions[bot] made their first contribution in #1169

Full Changelog: v0.75.12...v0.75.13

agent-bom v0.75.12

What's Changed

• Fix post-release hygiene: uv.lock, demo, dist cleanup by @msaad00 in #1128
• Fix self-scan, provenance export, and release surface alignment by @msaad00 in #1129
• feat(cli): add first-class skills scan and verify by @msaad00 in #1139
• chore(deps): bump dependabot/fetch-metadata from 2.5.0 to 3.0.0 by @dependabot[bot] in #1138
• chore(deps): bump sigstore/cosign-installer from 4.1.0 to 4.1.1 by @dependabot[bot] in #1132
• chore(deps): bump recharts from 3.8.0 to 3.8.1 in /ui by @dependabot[bot] in #1136
• chore(deps): bump @xyflow/react from 12.10.1 to 12.10.2 in /ui by @dependabot[bot] in #1134
• chore(deps): bump @dagrejs/dagre from 2.0.4 to 3.0.0 in /ui by @dependabot[bot] in #1133
• chore(deps): bump actions/deploy-pages from 4.0.5 to 5.0.0 by @dependabot[bot] in #1131
• chore(deps): bump actions/github-script from 7.0.1 to 8.0.0 by @dependabot[bot] in #1130
• Fix filesystem scan output credibility by @msaad00 in #1140
• Improve advisory labeling and resolver continuity by @msaad00 in #1141
• Add live MCP tool capability risk scoring by @msaad00 in #1142
• Harden npm version resolution backpressure by @msaad00 in #1143
• Align CLI first-run and quickstart surfaces by @msaad00 in #1144
• Polish dashboard hero and graph visuals by @msaad00 in #1145
• Tighten remediation JSON and posture messaging by @msaad00 in #1146
• fix(ui): align eslint with next peer range by @msaad00 in #1147
• fix(scorecard): resolve source metadata before enrichment by @msaad00 in #1148
• chore: prepare 0.75.12 release by @msaad00 in #1149
• fix: close final 0.75.12 carry-forwards by @msaad00 in #1150
• docs: polish release audit cosmetics by @msaad00 in #1151
• docs: sharpen CI/CD and enterprise adoption paths by @msaad00 in #1152

Full Changelog: v0...v0.75.12

agent-bom v0.75.11

What's Changed

• Add CWE impact classification engine and CLI UX improvements by @msaad00 in #1116
• Wire CWE-aware filtering into blast radius construction by @msaad00 in #1117
• Fix compliance framework count and README cleanup by @msaad00 in #1118
• Harden supply chain pinning and add dynamic framework count by @msaad00 in #1119
• Polish CLI output, fix Dockerfile hash pinning, refresh demo by @msaad00 in #1122
• Add reachability context to SARIF/VEX and dependency confusion detection by @msaad00 in #1123
• Fix demo enrichment, show unscored vulns, enable Rich colors by @msaad00 in #1124
• Add CWE impact to check command, condense discovery output by @msaad00 in #1125
• README overhaul, proxy detector telemetry, docs alignment by @msaad00 in #1126
• chore: release 0.75.11 by @msaad00 in #1127

Full Changelog: v0...v0.75.11

agent-bom v0.75.10

What's Changed

• Refresh stale 0.75.9 demo asset by @msaad00 in #1107
• Stabilize requests and UI dependency advisories by @msaad00 in #1108
• Tighten final 0.75.10 stability edges by @msaad00 in #1109
• chore(deps): bump cryptography from 46.0.5 to 46.0.6 by @dependabot[bot] in #1110
• Harden runtime stdin and Slack delivery reporting by @msaad00 in #1111
• Polish release surfaces and fix offline demo DB path by @msaad00 in #1112
• Polish hero demo and release positioning by @msaad00 in #1113
• Align release-facing surfaces before 0.75.10 by @msaad00 in #1114
• chore: release 0.75.10 by @msaad00 in #1115

Full Changelog: v0...v0.75.10