CalvinBackup/fuzzforge_ai
1
0
Fork 0
mirror of https://github.com/FuzzingLabs/fuzzforge_ai.git synced 2026-02-12 21:52:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
e42f07fc63fa233da3066e5852eec300840c5a5d
fuzzforge_ai/CHANGELOG.md
tduhamel42 746699e7c0 chore: Bump version to 0.7.0 
Version updates:
- README.md badge: 0.6.0 → 0.7.0
- cli/pyproject.toml: 0.6.0 → 0.7.0
- backend/pyproject.toml: 0.6.0 → 0.7.0
- sdk/pyproject.toml: 0.6.0 → 0.7.0
- ai/pyproject.toml: 0.6.0 → 0.7.0

Add CHANGELOG.md with comprehensive release notes for 0.7.0:
- Secret detection workflows (gitleaks, trufflehog, llm_secret_detection)
- AI module and agent integration
- Temporal migration completion
- CI/CD integration
- Documentation updates
- Bug fixes and improvements

Update llm_analysis default model to gpt-5-mini
2025-10-16 12:23:56 +02:00

3.1 KiB
Raw Blame History

Changelog

All notable changes to FuzzForge will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

0.7.0 - 2025-01-16

🎯 Major Features

Secret Detection Workflows

  • Added three secret detection workflows:
    • gitleaks_detection - Pattern-based secret scanning
    • trufflehog_detection - Entropy-based secret detection with verification
    • llm_secret_detection - AI-powered semantic secret detection using LLMs
  • Comprehensive benchmarking infrastructure:
    • 32-secret ground truth dataset for precision/recall testing
    • Difficulty levels: 12 Easy, 10 Medium, 10 Hard secrets
    • SARIF-formatted output for all workflows
    • Achieved 100% recall with LLM-based detection on benchmark dataset

AI Module & Agent Integration

  • Added A2A (Agent-to-Agent) wrapper for multi-agent orchestration
  • Task agent implementation with Google ADK
  • LLM analysis workflow for code security analysis
  • Reactivated AI agent command (ff ai agent)

Temporal Migration Complete

  • Fully migrated from Prefect to Temporal for workflow orchestration
  • MinIO storage for unified file handling (replaces volume mounts)
  • Vertical workers with pre-built security toolchains
  • Improved worker lifecycle management

CI/CD Integration

  • Ephemeral deployment model for testing
  • Automated workflow validation in CI pipeline

Enhancements

Documentation

  • Updated README for Temporal + MinIO architecture
  • Removed obsolete volume_mode references across all documentation
  • Added .env configuration guide for AI agent API keys
  • Fixed worker startup instructions with correct service names
  • Updated docker compose commands to modern syntax

Worker Management

  • Added worker_service field to API responses for correct service naming
  • Improved error messages with actionable manual start commands
  • Fixed default parameters for gitleaks (now uses no_git=True by default)

🐛 Bug Fixes

  • Fixed gitleaks workflow failing on uploaded directories without Git history
  • Fixed worker startup command suggestions (now uses docker compose up -d with service names)
  • Fixed missing cognify_text method in CogneeProjectIntegration

🔧 Technical Changes

  • Updated all package versions to 0.7.0
  • Improved SARIF output formatting for secret detection workflows
  • Enhanced benchmark validation with ground truth JSON
  • Better integration between CLI and backend for worker management

📝 Test Projects

  • Added secret_detection_benchmark with 32 documented secrets
  • Ground truth JSON for automated precision/recall calculations
  • Updated vulnerable_app for comprehensive security testing

0.6.0 - 2024-12-XX

Features

  • Initial Temporal migration
  • Fuzzing workflows (Atheris, Cargo, OSS-Fuzz)
  • Security assessment workflow
  • Basic CLI commands
Reference in New Issue View Git Blame Copy Permalink