v0.1.2

Bug Fixes

• (ci) Enable OpenSSF Scorecard public result publishing

• (ci) Split scorecard into analysis + badge jobs

• (ci) Pin Semgrep container image to digest

• Audit hardening — 7 confirmed findings + debt tracking (#19)

Documentation

• Add Codecov badge to README

Miscellaneous

• Bump version to 0.1.2

Ci

• (deps) Bump the github-actions group with 11 updates (#16)

v0.1.1

Bug Fixes

• (ci) Correct codecov-action SHA, drop fuzz idempotency assertion

• (ci) SHA-pin all actions, version-pin all installs, standardize on setup-uv

• Harden action.yml against code injection

• (security) Enable Jinja2 autoescape, suppress shell=True findings

• (security) Use full Semgrep rule ID in nosemgrep comments

Documentation

• Add governance docs (CoC, Security, Governance)

• Add Fuzz, Scorecard, PyPI, Ruff badges to README

• Add internal project docs, plans, and design records

Features

• Add navi-sanitize dependency

• Replace sanitize pipeline with navi-sanitize

• Add pack resolution by name and list-packs command

• Add nboot new command + scaffold pack (#18)

Miscellaneous

• Upgrade mypy to strict mode

• V0.1.1 housekeeping — version bump, description cleanup

• Add CODEOWNERS

• Expand CODEOWNERS to cover sensitive files

Refactoring

• Address code review — rename helper, drop redundant deepcopy

Ci

• Add Semgrep SAST workflow

• Add Atheris fuzz testing for sanitization

• Add pip-audit, Codecov upload, 80% coverage floor

v0.1.0

Bug Fixes

• Release workflow missing tools

• Move publish job to release.yml for PyPI trusted publisher

Features

• Navi-bootstrap — clean slate

• Add PyPI publishing via trusted publisher

Ci

• Update scorecard badge [skip ci]