Changelog
Track the evolution of Code Pathfinder with detailed release notes and updates.
Release v1.3.0
What's Changed
- enhancement(sast/python): Add bidirectional type inference and comprehensive symbol indexing by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/480
- feat(analytics): Enable GeoIP and improve PostHog event tracking by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/481
- enhancement(python/sast): Fix method call graph indexing for Python class methods by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/482
- chore: remove unwanted files and improve .gitignore by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/483
- fix(python/sast): Fix instance method return type propagation for OOP patterns by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/484
- release: bump v1.3.0 by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/485
Full Changelog: https://github.com/shivasurya/code-pathfinder/compare/v1.2.2...v1.3.0
Release v1.2.2
What's Changed
- feat: Add banner system and TTY detection for CLI output (PR-01) by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/473
- feat: Add progress bars for scan/CI operations (PR-02) by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/474
- feat: Clean up verbose logging for better CLI output (PR-03) by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/475
- feat: Add progress bar for file parsing workers (PR-04) by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/476
- fix(ci): restrict PyPI publish to release events and manual triggers by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/477
- chore: bump version to 1.2.2 by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/478
Full Changelog: https://github.com/shivasurya/code-pathfinder/compare/v1.2.1...v1.2.2
Release v1.2.1
What's New
Run all security rules for a technology stack with a single category/all flag.
Why We Built This
Running comprehensive scans required specifying each bundle individually:
pathfinder scan --ruleset docker/security \
  --ruleset docker/best-practice \
  --ruleset docker/performance \
  --project .
Now simplified to:
pathfinder scan --ruleset docker/all --project .
Benefits
- Faster workflows: One command instead of multiple flags
- Complete coverage: Automatically includes all available rules
- Future-proof: New rules are included automatically as they're released
- Flexible: Mix comprehensive scans with specific rule bundles
Quick Start
# Scan all Docker rules
pathfinder scan --ruleset docker/all --project .
# Scan all Python rules
pathfinder scan --ruleset python/all --project .
# Scan all Docker Compose rules
pathfinder scan --ruleset docker-compose/all --project .
# Mix comprehensive + specific scans
pathfinder scan --ruleset docker/all --ruleset python/django --project .
Available Categories
- docker/all - All Dockerfile rules
- docker-compose/all - All Docker Compose rules
- python/all - All Python rules
New categories automatically support /all syntax as they're added.
What's Changed
- fix(action): rewrite GitHub Action as composite with pip installation by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/465
- enhancement(ruleset): add support for category-level ruleset expansion with docker/all syntax by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/471
Full Changelog: https://github.com/shivasurya/code-pathfinder/compare/v1.2.0...v1.2.1
Release v1.2.0
🚀 Code Pathfinder v1.2.0 - Pre-Built Security Rules Are Here
We're thrilled to announce Code Pathfinder v1.2.0, bringing ready-to-use security rulesets that you can deploy in seconds!
✨ What's New
🎯 Pre-Built Python Security Rules
Stop writing security rules from scratch. Access battle-tested rulesets from our registry:
pathfinder scan --project /path/to/src --ruleset docker/security --output sarif
Find SQL injections, unsafe deserialization, command injection vulnerabilities, and more - all configured and ready to run.
📦 Registry-Hosted Rulesets
Browse and use community-maintained rules at codepathfinder.dev/registry/:
- docker/security - Docker security vulnerabilities
- docker/best-practice - Dockerfile optimization
- python/deserialization - Unsafe pickle.loads RCE detection
- python/django - Django SQL injection patterns
- python/flask - Flask security misconfigurations
- More languages coming soon
🔧 Enhanced Python Compatibility
Expanded Python 3.9+ support with intelligent stdlib module discovery fallbacks, ensuring reliable analysis across different Python versions and environments.
🎯 What This Means for You
👉🏻 No more copy-pasting security rules or reinventing the wheel. Point to a ruleset, run your scan, and catch vulnerabilities before they hit production. Perfect for teams who want powerful SAST without the configuration overhead.
What's Changed
- fix(python/sast): add Python 3.9 fallback for stdlib module discovery by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/464
- feat(ruleset): add Python security rules with remote ruleset CLI support by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/466
- fix(gha): resolve R2 upload SSL handshake failure by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/467
- chore: remove obsolete deprecation-notice.js by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/468
- feat(rules): add Python security rules for R2 distribution by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/469
Full Changelog: https://github.com/shivasurya/code-pathfinder/compare/v1.1.6...v1.2.0
Release v1.1.6
Code Pathfinder v1.1.6
This release adds MCP (Model Context Protocol) server support and expands Python standard library coverage.
What's New
MCP Server Support
Code Pathfinder now functions as a Model Context Protocol server for AI-powered code analysis:
- Protocol Foundation: Full MCP protocol handler implementation with standard tools support
- HTTP Transport: Network access via HTTP transport layer for remote connections
- Cursor-Based Pagination: Efficient handling of large result sets with cursor-based pagination
- Error Handling: JSON-RPC 2.0 compliant error handling
- Indexing & Analytics: Real-time indexing status tracking and optional analytics integration
- Comprehensive Testing: Extensive test coverage for all MCP server components
Visit MCP setup guide page:
-
Python Analysis Improvements
- Expanded stdlib Coverage: Increased support for Python standard library versions, improving analysis accuracy across different Python environments
Infrastructure
- CI/CD Cleanup: Removed npm publish GitHub Action workflow
Pull Requests
- #453 - Remove npm publish GitHub Action workflow
- #454 - Add MCP server foundation with protocol handler and tools
- #455 - Add comprehensive test coverage for MCP server
- #456 - Add robust error handling per JSON-RPC 2.0 spec
- #457 - Add cursor-based pagination for large result sets
- #458 - Add HTTP transport for network access
- #459 - Add indexing status, analytics, and comprehensive tests
- #460, #461 - Increase coverage for Python stdlib versions
- #462 - Release v1.1.6
Full Changelog: https://github.com/shivasurya/code-pathfinder/compare/v1.1.5...v1.1.6