Product Updates

🚀 v1.3.1: The Precision & Stability Update

This release focuses on industrial-grade accuracy for the Tharos security engine, drastically reducing false positives while maintaining deep structural intelligence.

• 92% Higher Signal-to-Noise: Refined JS/TS scanning to filter out "Lexer Remarks" (emojis, complex regex) and noisy "info" level findings from standard output.
• Intelligent SQLi Correlation: Implemented a "Scanner Mindset" that verifies multiple SQL keywords (e.g., SELECT + FROM) before flagging, eliminating false positives in UI code and logs.
• Zero-False-Positive Secrets: Optimized the credential scanner to automatically ignore public URLs (OAuth endpoints, docs) while maintaining high-entropy detection for private keys.
• Precision Regex Boundaries: Upgraded keyword matching to respect structural boundaries, preventing standard words (like "updated") from triggering security flags.
• Unified Versioning: Synchronized engine and CLI versions to 1.3.1 for a more cohesive distribution.

🚀 v1.3.0: The Evolution & AI Fix Update

This monumental release transforms Tharos into an AI-powered security partner with the introduction of AI Magic Fix—automatically detecting and remediating vulnerabilities with context-aware precision.

• AI Magic Fix Automation: Introduced the revolutionary tharos fix command to automatically apply security patches.
• Premium Interactive TUI:
  • ⠋ Animated Spinner: Real-time feedback during fix generation.
  • 📊 Confidence Meter: Visual color-coded reliability bars (Green/Yellow/Red).
  • 📝 Enhanced Diffs: Beautiful, bold previews of proposed code changes.
• Upgraded AI Engine: Migrated to Gemini 2.5 Flash for superior fix quality and lightning-fast responses.
• Safety Backup & Rollback: Automatic timestamped backups before every fix with a one-command rollback system.
• 100% Verified Accuracy: Validated on real-world CORS misconfigurations, secrets, and SQL injection patterns.

🚀 v1.2.0: The Intelligence & Ecosystem Update

This release bridges the gap between static analysis and interactive learning with the new Security Playground and a significantly optimized engine.

• Functional Security Playground: Launched a live browser-based demo at tharos.vercel.app/playground powered by the real Go engine.
• 98% Noise Reduction: Implemented smart filtering for build artifacts (.next, bin, .vercel), reducing scanned files from 4,807 to 97 in major projects.
• Sliding Window Pattern Detection: Introduced a 10-token lookahead buffer to catch complex multi-token vulnerabilities like decoupled Header names and values.
• Unified Professional Branding: Retired the fox mascot in favor of a sleek, geometric Stylized T logo across all CLI, Docs, and Dashboard interfaces.

🚀 v1.1.1: The Community & Scale Update

This major milestone professionalizes the Tharos ecosystem with automated releases, robust community documentation, and an expanded security engine.

• Release Automation: Replaced manual tagging with a high-fidelity GitHub Action that automatically handles versioning and distribution.
• Community Health Suite: Established professional SECURITY.md and SUPPORT.md policies, and updated the contribution guide for modern Go-based development.
• Expanded Security Intelligence:
  • Go: Added native AST detection for Insecure CORS policies.
  • Python: Implemented intelligent Hardcoded Password tracking in literal assignments.
  • JS/TS: Added checks for Insecure Headers (e.g., detecting disabled security protections) and cross-platform CORS auditing.
• Visual Identity: Launched the official Fox Guardian logo, representing the project's sleek and intelligent protective nature.
• SARIF Compliance: Fixed critical line-number mapping to ensure 100% compatibility with GitHub's security dashboard.

🚀 v1.1.0: The Enterprise Polyglot Update

This major release completes the Core Roadmap, transforming Tharos into a high-fidelity, enterprise-ready security suite with deep structural analysis and seamless CI/CD integration.

• Deep Polyglot AST Analysis: Native, structural security scanning for Go and Python, detecting complex SQLi, command injection, and insecure deserialization.
• Local Security Dashboard (tharos ui): Launched a high-fidelity, interactive web control center for browsing findings and risk scores directly from the terminal.
• Official GitHub Action: Introduced the tharos-action for one-line integration with GitHub Security, populating the security tab with refined SARIF findings.
• Enterprise SARIF Exporter: Refined the SARIF engine with rich rule metadata, stable indexing, and precise location mapping for industry-standard compliance.
• Context-Aware Detection: Improved the "Scanner Mindset" to handle complex variable flows and differentiate between safe boilerplate and true production vulnerabilities.

The VS Code & Launch Update

• VS Code Extension (v1.0.2): Launched the official extension with Magic Fixes, zero-config bundled binaries, and precise diagnostic highlighting.
• Interactive Remediation: Extended Magic Fixes to the IDE, allowing one-click security patches alongside the existing CLI interactive mode.
• Enterprise Enforcement: Hardened the exit code logic for CI/CD pipelines, supporting --strict mode to fail builds on any security finding.
• Multi-Platform Distribution: Packaged Tharos as a .vsix for VS Code and introduced high-fidelity marketing assets for the global launch.
• Community & Sponsorship: Integrated GitHub Sponsors, Open Collective, and Buy Me a Coffee to support the project's long-term growth.

The Intelligent Gatekeeper Update

• Polyglot AST Support: Expanded semantic analysis to include native Go (via go/ast) and Python, detecting complex SQL injection and command injection patterns.
• Policy-as-Code Loader: Introduced dynamic policy injection from YAML files in the policies/ directory or via the new --policy flag.
• Premium CLI Dashboard: Introduced a high-fidelity terminal UI with structured findings tables and a definitive COMMIT VERDICT (Pass/Block) banner.
• Data-Driven Security Rules: You can now define custom regex-based security patterns directly in tharos.yaml to catch project-specific vulnerabilities.
• Smart Risk Scoring: Integrated min_risk_score configuration to filter AI-generated insights, ensuring you only see the most actionable security intelligence.
• Self-Healing Git Hooks: Launched tharos sync and background audit systems that automatically detect and heal tampered or missing git hooks.