Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* chore: update CI workflow permissions for GitHub Actions
* chore: update CI workflow to include develop branch for push and pull request triggers
* chore: ensure newline at end of file in CI workflow configuration
- Add npm README with full documentation
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat: add GitHub Action (composite) for route-auditor
Allows users to run route-auditor directly in GitHub Actions:
- uses: ayaxsoft/route-auditor@v1
  with:
    directory: .
    fail-on: high
    sarif-file: results.sarif
Inputs: directory, severity, fail-on, output, sarif-file, config, version
Output: sarif-file path
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* chore: remove unnecessary space in GitHub Actions workflow permissions
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* docs: fix README table formatting
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* docs: improve table formatting in README for better readability
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: move @route-auditor/shared to devDependencies
tsup bundles it into dist — having it in dependencies caused E404 when users ran npx @route-auditor/cli in external projects.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* chore: release @route-auditor/cli@0.1.2
- Fix table formatting in README to prevent wrapping on GitHub and npm.
- Move `@route-auditor/shared` to devDependencies to resolve npm install issues in external projects.
* chore: remove example GitHub Actions workflow for route-auditor
This commit deletes the example usage workflow file, which demonstrated how to use the route-auditor GitHub Action. The removal is part of a cleanup process to streamline the repository.
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
…32)
* fix: replace createRequire(import.meta.url) with build-time constant
import.meta.url is undefined in CJS bundles, crashing the CLI when run via npx. tsup now injects __PACKAGE_VERSION__ at build time.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: resolve CLI crash by replacing createRequire with build-time constant
Updated the CLI to prevent crashes when run via npx by substituting createRequire(import.meta.url) with a build-time constant injected by tsup, ensuring compatibility with both CJS and ESM bundles.
* fix: add __PACKAGE_VERSION__ define to vitest config
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: change example workflow to workflow_dispatch only
Prevents it from running automatically on push since this repo is not a Next.js project. Also upgrades codeql-action to v4.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* docs: enhance README and CLI documentation for GitHub Action integration
* chore: remove example GitHub Actions workflow for route-auditor to streamline repository
* refactor: centralize severity constants and improve auth detection logic
* chore: add changeset for code style fixes in AGENTS.md
* refactor: remove unused authentication detection logic from unprotected-sensitive-page.ts
* feat: add security rules, rules management command, and test coverage
- Add 4 new audit rules: insecure cookies, missing webhook verification, path traversal, and hardcoded secret detection (RW-COOKIE-001, RW-WEBHOOK-001, RW-PATH-001, RW-SECRET-001)
- Add `rules` CLI command to list, enable, and disable rules interactively
- Fix audit command to fall back to cwd when config not found in projectRoot
- Extract shared SEVERITY_COLOR map to utils/severity-color.ts (DRY)
- Add constants.ts with MIN_SECRET_VALUE_LENGTH
- Add test coverage for all new rules, commands, and config resolution
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat: add new audit rules and CLI command for rules management
- Introduced 4 new audit rules: insecure cookies (RW-COOKIE-001), missing webhook verification (RW-WEBHOOK-001), path traversal (RW-PATH-001), and hardcoded secret detection (RW-SECRET-001).
- Added a `rules` CLI command for interactive management of audit rules.
- Fixed configuration resolution in the audit command to default to the current working directory when no config is found in the project root.
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* docs: update README and CLI documentation for improved clarity
- Enhanced the README with a quick start guide and detailed command options.
- Added a new section for audit options and rules management.
- Updated configuration examples and ignore patterns for better usability.
- Removed outdated content and improved formatting for readability.
* fix: correct table formatting for insecure cookie rule in README and CLI documentation
- Adjusted the alignment of the 'Insecure Cookie' rule entry in both README.md and packages/cli/README.md for improved readability.
* chore: release v0.1.6 (#43)
* chore: set changesets baseBranch to develop
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* chore: update CI workflow permissions for GitHub Actions (#23)
* chore: update CI workflow permissions for GitHub Actions
* chore: update CI workflow to include develop branch for push and pull request triggers
* chore: ensure newline at end of file in CI workflow configuration
* chore: release @route-auditor/cli@0.1.1 (#24)
- Add npm README with full documentation
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat: add GitHub Action (composite) for route-auditor (#26)
* feat: add GitHub Action (composite) for route-auditor
Allows users to run route-auditor directly in GitHub Actions:
- uses: ayaxsoft/route-auditor@v1
  with:
    directory: .
    fail-on: high
    sarif-file: results.sarif
Inputs: directory, severity, fail-on, output, sarif-file, config, version
Output: sarif-file path
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* chore: remove unnecessary space in GitHub Actions workflow permissions
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* docs: fix README table formatting (#27)
* docs: fix README table formatting
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* docs: improve table formatting in README for better readability
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* Fix/shared bundled (#29)
* fix: move @route-auditor/shared to devDependencies
tsup bundles it into dist — having it in dependencies caused E404 when users ran npx @route-auditor/cli in external projects.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* chore: release @route-auditor/cli@0.1.2
- Fix table formatting in README to prevent wrapping on GitHub and npm.
- Move `@route-auditor/shared` to devDependencies to resolve npm install issues in external projects.
* chore: remove example GitHub Actions workflow for route-auditor
This commit deletes the example usage workflow file, which demonstrated how to use the route-auditor GitHub Action. The removal is part of a cleanup process to streamline the repository.
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: replace createRequire(import.meta.url) with build-time constant (#32)
* fix: replace createRequire(import.meta.url) with build-time constant
import.meta.url is undefined in CJS bundles, crashing the CLI when run via npx. tsup now injects __PACKAGE_VERSION__ at build time.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: resolve CLI crash by replacing createRequire with build-time constant
Updated the CLI to prevent crashes when run via npx by substituting createRequire(import.meta.url) with a build-time constant injected by tsup, ensuring compatibility with both CJS and ESM bundles.
* fix: add __PACKAGE_VERSION__ define to vitest config
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: change example workflow to workflow_dispatch only
Prevents it from running automatically on push since this repo is not a Next.js project. Also upgrades codeql-action to v4.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* ci: auto-sync develop with main after every merge
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* docs: update readme with ci steps (#38)
* docs: enhance README and CLI documentation for GitHub Action integration
* chore: remove example GitHub Actions workflow for route-auditor to streamline repository
* docs: update variable naming examples in AGENTS.md (#40)
* docs: update repository URL in README.md (#41)
* fix: Agent rules compliance (#42)
* refactor: centralize severity constants and improve auth detection logic
* chore: add changeset for code style fixes in AGENTS.md
* refactor: remove unused authentication detection logic from unprotected-sensitive-page.ts
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* chore: release packages (#44)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* chore: release v0.2.0 (#47)
* chore: set changesets baseBranch to develop
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* chore: update CI workflow permissions for GitHub Actions (#23)
* chore: update CI workflow permissions for GitHub Actions
* chore: update CI workflow to include develop branch for push and pull request triggers
* chore: ensure newline at end of file in CI workflow configuration
* chore: release @route-auditor/cli@0.1.1 (#24)
- Add npm README with full documentation
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat: add GitHub Action (composite) for route-auditor (#26)
* feat: add GitHub Action (composite) for route-auditor
Allows users to run route-auditor directly in GitHub Actions:
- uses: ayaxsoft/route-auditor@v1
  with:
    directory: .
    fail-on: high
    sarif-file: results.sarif
Inputs: directory, severity, fail-on, output, sarif-file, config, version
Output: sarif-file path
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* chore: remove unnecessary space in GitHub Actions workflow permissions
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* docs: fix README table formatting (#27)
* docs: fix README table formatting
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* docs: improve table formatting in README for better readability
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* Fix/shared bundled (#29)
* fix: move @route-auditor/shared to devDependencies
tsup bundles it into dist — having it in dependencies caused E404 when users ran npx @route-auditor/cli in external projects.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* chore: release @route-auditor/cli@0.1.2
- Fix table formatting in README to prevent wrapping on GitHub and npm.
- Move `@route-auditor/shared` to devDependencies to resolve npm install issues in external projects.
* chore: remove example GitHub Actions workflow for route-auditor
This commit deletes the example usage workflow file, which demonstrated how to use the route-auditor GitHub Action. The removal is part of a cleanup process to streamline the repository.
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: replace createRequire(import.meta.url) with build-time constant (#32)
* fix: replace createRequire(import.meta.url) with build-time constant
import.meta.url is undefined in CJS bundles, crashing the CLI when run via npx. tsup now injects __PACKAGE_VERSION__ at build time.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: resolve CLI crash by replacing createRequire with build-time constant
Updated the CLI to prevent crashes when run via npx by substituting createRequire(import.meta.url) with a build-time constant injected by tsup, ensuring compatibility with both CJS and ESM bundles.
* fix: add __PACKAGE_VERSION__ define to vitest config
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: change example workflow to workflow_dispatch only
Prevents it from running automatically on push since this repo is not a Next.js project. Also upgrades codeql-action to v4.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* ci: auto-sync develop with main after every merge
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* docs: update readme with ci steps (#38)
* docs: enhance README and CLI documentation for GitHub Action integration
* chore: remove example GitHub Actions workflow for route-auditor to streamline repository
* docs: update variable naming examples in AGENTS.md (#40)
* docs: update repository URL in README.md (#41)
* fix: Agent rules compliance (#42)
* refactor: centralize severity constants and improve auth detection logic
* chore: add changeset for code style fixes in AGENTS.md
* refactor: remove unused authentication detection logic from unprotected-sensitive-page.ts
* feat: security rules and rules command (#45)
* feat: add security rules, rules management command, and test coverage
- Add 4 new audit rules: insecure cookies, missing webhook verification, path traversal, and hardcoded secret detection (RW-COOKIE-001, RW-WEBHOOK-001, RW-PATH-001, RW-SECRET-001)
- Add `rules` CLI command to list, enable, and disable rules interactively
- Fix audit command to fall back to cwd when config not found in projectRoot
- Extract shared SEVERITY_COLOR map to utils/severity-color.ts (DRY)
- Add constants.ts with MIN_SECRET_VALUE_LENGTH
- Add test coverage for all new rules, commands, and config resolution
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat: add new audit rules and CLI command for rules management
- Introduced 4 new audit rules: insecure cookies (RW-COOKIE-001), missing webhook verification (RW-WEBHOOK-001), path traversal (RW-PATH-001), and hardcoded secret detection (RW-SECRET-001).
- Added a `rules` CLI command for interactive management of audit rules.
- Fixed configuration resolution in the audit command to default to the current working directory when no config is found in the project root.
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* docs: update README and CLI documentation for improved clarity (#46)
* docs: update README and CLI documentation for improved clarity
- Enhanced the README with a quick start guide and detailed command options.
- Added a new section for audit options and rules management.
- Updated configuration examples and ignore patterns for better usability.
- Removed outdated content and improved formatting for readability.
* fix: correct table formatting for insecure cookie rule in README and CLI documentation
- Adjusted the alignment of the 'Insecure Cookie' rule entry in both README.md and packages/cli/README.md for improved readability.
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* chore: release packages (#48)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Builds the complete landing page from scratch with a minimal, dark-only design. Includes animated terminal demo with random scenarios, copy command button, and GitHub star CTA. Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
No description provided.