v0.8.3

Changelog

• cee87c1 chore(release): cut v0.8.3 (#133)
• 8c57e9e Merge pull request #132 from sensiblebit/feat/connect-verbose-chain-metadata
• 95e4b39 fix(certstore): wrap wasm sqlite stub errors
• ebffca9 docs: refresh transport probe docs
• b5741be fix(certstore): stub sqlite persistence on wasm
• 3b16e56 feat(connect): show verbose chain PEM metadata
• ff9532a Merge pull request #131 from sensiblebit/feat/transport-probing
• 0a75991 fix(review): tighten STARTTLS result metadata
• dd5e6b6 fix(review): tighten helper and SSH parsing
• 58e8295 fix(review): tighten transport probe follow-ups
• 53e8904 fix(review): tighten probe review handling
• 42375c9 fix(review): clarify SSH and LDAP follow-ups
• 897dec4 fix(review): tighten transport review cleanup
• be024e3 fix(review): tighten transport policy follow-ups
• 602fcb2 fix(ssh): normalize SSH-1.99 protocol banner
• e9a0e71 docs(rules): add PR comment helper workflow
• d1956cc fix(review): tighten transport follow-ups
• 7b09a2d fix(review): tighten STARTTLS preflight checks
• 0611036 fix(review): tighten transport probe feedback
• eb9d00f fix(connect): label protocol-specific TLS upgrades
• 32236e3 fix(review): tighten transport probing edge cases
• babe06e fix(review): address transport probing feedback
• a97ef45 fix(cli): add probe ssh format flag
• 2ade505 fix(starttls): tighten preflight diagnostics
• 0adcb4d fix(ssh): send client kexinit before probing
• a5a6631 fix(review): tighten transport probe follow-ups
• be90192 fix(starttls): tolerate imap untagged prelude
• 86dbf71 docs: clarify shared SSH policy heuristics
• 3d2df2f fix(review): harden policy and SSH parsing
• 9aa5698 fix(review): tighten SSH and STARTTLS polish
• 4bf4f14 docs(rules): require PR docs audit agent
• 8078a64 docs: refresh examples and architecture
• 28235d1 fix(review): harden STARTTLS retry detection
• 3d5bf24 test(review): table-drive probe ssh output checks
• 4f09162 fix(review): harden STARTTLS preflight parsing
• 2f617f2 fix(review): tighten STARTTLS follow-ups
• 5ff59da docs(rules): require fresh PR comment snapshots
• d4cd6cb docs(rules): close stale agents before spawn
• 29c487c fix(review): harden transport protocol parsing
• 7d0c30c fix(review): tighten transport probe coverage
• dfffa29 ci: enable actionlint hook
• 4a7e3d5 refactor(ssh): use input structs in display helpers
• 9e2c203 docs(rules): require delegated review fixes
• 19e02e9 docs(rules): tighten push and PR workflow
• a4cb657 fix(review): tighten transport probe behavior
• 61d70cb docs(changelog): cover transport probe hardening
• 402e238 fix(review): harden transport probe edge cases
• a9da874 fix(review): tighten STARTTLS auto-detection
• a2cfd2e fix(review): simplify transport helper signatures
• 0727948 fix(review): handle additional STARTTLS cases
• 4e44313 fix(review): address transport probing feedback
• 8f548d1 feat(probe): add transport probing and STARTTLS support
• 13e9940 Merge pull request #130 from sensiblebit/chore/strict-golangci-lint
• 581ecd7 fix(scan): reuse symlink target stat for size checks
• 0e09bfa fix: address final review comments
• c652725 fix(quic): remove dead varint panic
• 902fbc7 fix(passwords): stream password files
• 96e60a6 chore(lint): add more useful golangci checks
• 07c7f50 fix: surface probe encoding failures
• e5e207c docs: allow stricter golangci repo config
• 9e2ef58 fix: restore sane output permissions
• 1cabcc5 fix: address review follow-ups
• 9bfc08b fix(probes): return errors on record length overflow
• 3eb9c52 fix(codeql): inline legacy sha1 compatibility paths
• 1863188 chore(lint): satisfy strict golangci config
• 51be9a6 chore(lint): reduce strict golangci baseline
• 2cf8db8 docs(go): add package comments
• bd1a270 chore(lint): enable strict golangci checks
• 066ad9f Merge pull request #129 from sensiblebit/fix/remove-wasm-file-cap
• 1281c5c fix(wasm): surface overflow warnings in inspect
• b5b7450 fix(wasm): keep scanning after total size overflow
• 3743603 fix(wasm): stop fan-out after total upload limit
• c68b53e docs(changelog): reference PR #129 for WASM cap removal
• a4cc8f5 fix(wasm): stop rejecting legitimate large folder drops

Nightly

Auto-updated nightly snapshot of main.

v0.8.2

What's Changed

• fix: consolidate AIA proxy allow list into suffix matches by @danielewood in #72
• feat: add AIA-fetched badge to inspect results by @danielewood in #73
• feat: add OtherName SAN generation and mTLS round-trip support by @danielewood in #74
• feat: add convert, sign, connect, ocsp, crl commands and verify --diagnose by @danielewood in #75
• fix: harden error handling, type assertions, and overflow guards by @danielewood in #76
• docs: update EXAMPLES.md and README.md for all current commands by @danielewood in #77
• feat: add OCSP and CRL revocation checking to connect command by @danielewood in #78
• refactor: auto-generate flag tables and replace --format with global --json by @danielewood in #80
• feat: add cipher suite enumeration with raw TLS 1.3, QUIC, and key exchange probing by @danielewood in #82
• chore: finalize pre-commit and DN rendering fixes by @danielewood in #85
• feat(connect): add certificate transparency checks by @danielewood in #86
• fix: harden export paths and outputs by @danielewood in #87
• docs: add issue-generator rule file by @danielewood in #104
• chore: merge develop into main by @danielewood in #110
• chore: release v0.8.2 by @danielewood in #111

Full Changelog: v0.8.1...v0.8.2

v0.8.1

Changelog

• c76a730 chore: prepare v0.8.1 release (#71)
• 287abbe build(deps): bump @cloudflare/workers-types in /web (#70)
• 553783b chore: schedule dependabot updates weekly on Monday UTC (#69)
• a6705c7 fix: consolidate tests, fix SanitizeFileName and escapeHTML bugs (#68)
• f7b0643 fix: address Ralph Loop adversarial review findings (#67)
• 3205eb2 build(deps): bump @cloudflare/workers-types in /web (#65)
• 0a8d315 feat(web): add Inspect tab, certkitInspect WASM, and FormatDN (#66)
• fc2c2cb fix: address post-merge review findings from PR #63 (#64)
• 1b3defa fix: address post-merge review findings from PR #62 (#63)
• 392878a feat(web): add category tabs, validation, and paste support (#62)
• c85a2e3 build(deps): bump goreleaser/goreleaser-action in the actions group (#60)
• ecf51bd build(deps): bump @cloudflare/workers-types in /web (#61)

v0.8.0

Changelog

• 4a4e3b3 chore: prepare v0.8.0 release and enable winget workflow (#59)
• c8c1ce0 fix: address PR #57 review findings — deadlocks, godoc, changelog refs (#58)
• 47d7811 feat: add trust and expiry annotations to scan, inspect, and WASM (#57)
• 9168b7f feat: add shell tab completion for all enum and directory flags (#56)
• f229618 build(deps): bump @cloudflare/workers-types in /web (#55)
• 557ac54 test: streamline test suite per T-9, T-10, T-12, T-14 (#53)
• 745df29 build(deps): bump @cloudflare/workers-types in /web (#52)
• f8c0975 build(deps): bump modernc.org/sqlite from 1.37.1 to 1.46.1 (#51)
• ea22409 ci: add go fix to pre-commit hooks and CI checks (#50)

v0.7.7

Changelog

• c55f19d chore: release v0.7.7 (#49)
• 2c77c2f fix: restore authorization check on Claude workflow caller (#46)
• fb17456 build(deps): bump @cloudflare/workers-types from 4.20260214.0 to 4.20260217.0 in /web (#47)
• 1035cd4 test: streamline test suite per T-9 through T-14 (#48)
• 8841eaf ci: centralize CI workflows and pre-commit hooks (#45)
• 0d06959 ci: skip claude review when its own workflow file is modified (#43)
• 634748c ci: force claude review bot to always post a comment (#42)
• e81c3d0 fix: harden key handling with normalization fixes and comprehensive test coverage (#41)
• 08e69a5 ci: add --comment flag to code-review plugin prompt (#40)
• 3555a5b docs: fix stale content in EXAMPLES.md (#37)
• b9f08ba docs: update README for post-0.7.0 changes (#36)
• 9054b87 ci: add Claude Code PR review and Copilot review instructions (#35)
• eec29bc ci: set all Dependabot schedules to daily (#33)
• 32b6574 ci: add Dependabot conventional commit prefix and run all CI steps to completion (#32)
• 77685cd ci: optimize CI, improve checks.py, add GitHub templates (#29)
• 1c47bbd Update changelog commit refs for 2fc570c
• 2fc570c Add key-cert matching and pointer-form tests (iteration 3)
• f405740 Update changelog commit refs for f23f8ab
• f23f8ab Add Ed25519 normalization tests for remaining container paths
• 3c496ec Update changelog commit refs for 1661e53
• 1661e53 Normalize Ed25519 keys in EncodePKCS12 and harden key handling tests
• 3571659 Replace custom Go dependency workflow with Dependabot gomod
• 7e3e758 Update changelog commit refs for 2221a47
• 2221a47 Fix ClassifyHosts email detection and accept legacy CSR PEM type
• fedc2da Update changelog commit refs for 0fa55af
• 0fa55af Fix Ed25519 pointer-form key marshaling in MarshalPrivateKeyToPEM and EncodeJKS
• 731fcfd Harden key handling tests with normalization and round-trip coverage
• 3075aee Normalize keys at all entry points and add type verification tests
• 21071b9 Harden tests (LOW fixes) and normalize Ed25519 key storage
• 937ca9b Harden test suite and fix WASM ZIP timestamps
• ef8f367 Split CLAUDE.md into on-demand pieces to reduce context usage

v0.7.6

Changelog

• f2e9962 Expand AIA proxy to 142 CA domains, add table sorting and key filtering
• f4f1715 Consolidate fpki.gov allow list entries and add cite.fpki.gov

v0.7.5

Changelog

• 8ca8fd0 Release v0.7.5
• b69caef Fix AIA resolution for PKCS#7 (.p7c) certificate responses

v0.7.4

Changelog

• cfc1863 Release v0.7.4
• 404e1d7 Add web test infrastructure and ES module conversion

v0.7.3

Changelog

• af1f4c5 Release v0.7.3
• 216fd64 Add prettier and wrangler build pre-commit hooks