CodeTitan

§ 01 Changelog

What shipped. And when.



§ 02 Log · tail
Release 01
CLI 2.1.8
2026-06-12

Local analysis unmetered

The 30-scans-per-month local cap is gone. The deterministic engine runs on your machine with no quota and no account — the CLI now matches what the website has always promised.

$ codetitan changelog --version CLI 2.1.8 (2 lines)
fix Removed the local monthly usage counter and its hard gate from `analyze`
fix `codetitan usage` now reports local analysis as unmetered when not logged in
Release 02
CLI 2.1.7 · core 1.1.5
2026-06-01

Cross-file taint accuracy arc

A second accuracy pass over the cross-file taint engine — suppress directives, path handling, sink coverage, and export tracking — plus honest skip-counting for .cts/.mts files.

$ codetitan changelog --version CLI 2.1.7 · core 1.1.5 (3 lines)
fix Cross-file taint: suppress-directive, path, sink, and export handling hardened
fix .cts / .mts files now counted as skipped instead of silently ignored
security GitHub Action PR-comment output escaping hardened
Release 03
CLI 2.1.6 · core 1.1.4
2026-05-24

Cross-file taint — FP/FN hardening

A focused accuracy pass on the 3-pass cross-file taint engine: real sinks fire, regex-shaped false positives are suppressed. Zero confirmed true-positive bugs lost across the bundle.

$ codetitan changelog --version CLI 2.1.6 · core 1.1.4 (3 lines)
fix Cross-file source → sink reachability: fewer false positives, no lost true positives
fix Canonical forward-slash path handling across platforms
security Bracket-bind heuristic for cross-file SQL-injection sinks
Release 04
CLI 2.1.3 · core 1.1.2
2026-05-21

Framework footgun rules

Bundle 5 — 17 framework-specific security rules (Hono / NestJS / Fastify / Koa), each FP-gated; no false positives observed on 5 framework-shape repos at pinned SHAs (reproduce from the methodology).

$ codetitan changelog --version CLI 2.1.3 · core 1.1.2 (3 lines)
feat 17 framework footgun rules across Hono / NestJS / Fastify / Koa
fix --format json now routes cleanly to stdout
fix Engine status lines gated under --quiet
Release 05
CLI 2.1.0 · core 1.1.0
2026-05-17

Install footprint fix

Cut the install from 337 MB to ~46 MB and 17 advisories to 5 moderate by moving heavy optional dependencies to optional peers.

$ codetitan changelog --version CLI 2.1.0 · core 1.1.0 (3 lines)
perf Install size 337 MB → ~46 MB (heavy deps moved to optional peers)
security Transitive advisories 17 → 5 moderate
fix Restored `codetitan fix` apply mode on the published package
Release 06
CLI 2.0.10 · core 1.0.11
2026-05-14

Public CLI + GitHub Action, Apache-2.0

The local CLI and the GitHub Action are published and runnable on your own runner — deterministic JS/TS analysis, SARIF output, PR comments. Licensed Apache-2.0.

$ codetitan changelog --version CLI 2.0.10 · core 1.0.11 (3 lines)
feat Deterministic JS/TS engine — runs on your machine or CI runner
feat SARIF output to GitHub Code Scanning + inline PR comments
feat Per-repo learned profile (.codetitan/), implemented and locally verified

§ 03 Next

Want to know what's next?