All notable changes to this project are documented in this file.
The format is based on Keep a Changelog, and this project follows Semantic Versioning.
- Direct microservices mode (
--mode microservices) with controller/planner/worker foundation. - FastAPI control plane entrypoint (
secnodeapi-server) for session lifecycle operations. - Attack graph, memory subsystem, worker facades, and tool adapter scaffolding.
- CI container vulnerability scanning via Trivy.
- CI dependency vulnerability audit using
pip-audit. - Developer workflows for local stack (
make up,make down) and audit target (make audit-uv).
- CLI mode options expanded to include
microservices. - README updated with direct microservices runtime description and commands.
- Dependency set expanded with
fastapi,uvicorn,redis, andnetworkx.
- Initial autonomous API pentesting framework with schema fetch, AI understanding, test generation, execution, and reporting.
- Async execution pipeline and findings model/report generation.
- Baseline unit test suite and CI checks.
- Contributor-facing project docs: license, code of conduct, security policy, and contribution guide.
- AI engine refactored into modular
understand,generate, andvalidatecomponents. - Pipeline execution tuned with budget clipping and category token handling improvements.
- Environment support extended for OpenAI, Anthropic, and Ollama provider configuration.