chore: release 0.5.0

Author: slvDev

CHANGELOG.md

@@ -5,6 +5,43 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.5.0] - 2026-01-26
+
+### Added
+
+#### GitHub Actions
+
+- GitHub Actions integration (`action.yml`) — run Weasel in CI/CD pipelines with `uses: slvDev/weasel@main`
+- SARIF output format (`--format sarif`) for GitHub Code Scanning integration
+- Nightly release workflow — automatic builds from `main` on source changes
+- `weaselup --nightly` flag to install latest nightly build
+- Example workflows in `gh-actions-examples/`:
+  - `weasel-basic.yml` — basic analysis with SARIF upload
+  - `weasel-claude.yml` / `weasel-claude-diff.yml` — Claude-powered review
+  - `weasel-openai.yml` / `weasel-openai-diff.yml` — OpenAI Codex-powered review
+  - `weasel-gemini.yml` / `weasel-gemini-diff.yml` — Gemini-powered review
+- SHA256 checksums and build attestation for release binaries
+
+#### Detector Configuration
+
+- `exclude_detectors` option in `weasel.toml` and CLI (`-x` / `--exclude-detectors`) to skip specific detectors by ID
+- `exclude_detectors` parameter for MCP `weasel_analyze` tool
+- Protocol feature flags in `weasel.toml` `[protocol]` section to disable detector groups:
+  - `uses_fot_tokens` — fee-on-transfer token detectors
+  - `uses_weird_erc20` — non-standard ERC20 detectors
+  - `uses_native_token` — native ETH handling detectors
+  - `uses_l2` — L2-specific detectors (Arbitrum, Optimism)
+  - `uses_nft` — NFT-related detectors
+
+#### MCP & IDE Support
+
+- OpenAI Codex CLI support for `weasel mcp add/remove` (`--target codex`)
+- Gemini CLI support for `weasel mcp add/remove` (`--target gemini`)
+
+### Changed
+
+- Release workflow uses pinned action SHAs and Cargo caching for faster builds
+
 ## [0.4.6] - 2026-01-19
 
 ### Added
@@ -15,7 +52,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - `constant-decimals` - prefer constants for decimals
 
 **NC (Non-Critical)**
-- `abstract-in-separate-file` - abstract contracts should be in separate files
 - `array-ranged-getter` - use ranged getter for array access
 - `bool-init-false` - unnecessary boolean initialization to false
 - `nc-combine-mappings` - mappings with same key can be combined into struct
@@ -91,6 +127,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 #### New Detectors
 
+- `abstract-in-separate-file` - abstract contracts should be in separate files
 - `long-calculations` - flag complex math that may overflow
 - `unchecked-low-level-call` - missing success check on call/delegatecall
 - `upgradable-token-interface` - detect upgradable token patterns
@@ -183,7 +220,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - CLI with configuration file support
 - Basic detectors for common vulnerabilities
 
-[Unreleased]: https://github.com/slvDev/weasel/compare/v0.4.6...HEAD
+[Unreleased]: https://github.com/slvDev/weasel/compare/v0.5.0...HEAD
+[0.5.0]: https://github.com/slvDev/weasel/compare/v0.4.6...v0.5.0
 [0.4.6]: https://github.com/slvDev/weasel/compare/v0.4.5...v0.4.6
 [0.4.5]: https://github.com/slvDev/weasel/compare/v0.4.0...v0.4.5
 [0.4.0]: https://github.com/slvDev/weasel/compare/v0.3.1...v0.4.0

Cargo.lock

@@ -1,6 +1,6 @@
 [package]
 name = "weasel"
-version = "0.4.6"
+version = "0.5.0"
 edition = "2021"
 description = "Smart Contract Static Analysis Tool"
 authors = ["slvDev"]

Cargo.toml

@@ -212,16 +212,25 @@ exclude = ["test", "script"]
 min_severity = "Low"
 format = "md"
 remappings = ["@openzeppelin/=lib/openzeppelin-contracts/"]
+exclude_detectors = ["floating-pragma", "line-length"]
+
+[protocol]
+uses_fot_tokens = true       # Fee-on-transfer token detectors
+uses_weird_erc20 = true      # Non-standard ERC20 detectors
+uses_native_token = true     # Native ETH handling detectors
+uses_l2 = true               # L2-specific detectors (Arbitrum, Optimism)
+uses_nft = true              # NFT-related detectors
 ```
 
-| Option           | Short | Default           |
-| ---------------- | ----- | ----------------- |
-| `--scope`        | `-s`  | `["src"]`         |
-| `--exclude`      | `-e`  | `["lib", "test"]` |
-| `--min-severity` | `-m`  | `NC`              |
-| `--format`       | `-f`  | `md`              |
-| `--output`       | `-o`  | stdout            |
-| `--remappings`   | `-r`  | auto              |
+| Option                | Short | Default           |
+| --------------------- | ----- | ----------------- |
+| `--scope`             | `-s`  | `["src"]`         |
+| `--exclude`           | `-e`  | `["lib", "test"]` |
+| `--min-severity`      | `-m`  | `NC`              |
+| `--format`            | `-f`  | `md`              |
+| `--output`            | `-o`  | stdout            |
+| `--remappings`        | `-r`  | auto              |
+| `--exclude-detectors` | `-x`  | none              |
 
 **Priority:** CLI flags > config file > auto-detection
 
@@ -322,7 +331,7 @@ gh attestation verify weasel-<target>.tar.gz --owner slvDev
 
 | Input | Description | Default |
 |-------|-------------|---------|
-| `version` | Weasel version (`latest`, `nightly`, or specific like `0.4.6`) | `latest` |
+| `version` | Weasel version (`latest`, `nightly`, or specific like `0.5.0`) | `latest` |
 | `path` | Path to analyze | `.` |
 | `min-severity` | Minimum severity to report | `Low` |
 | `fail-on` | Fail CI at this severity (`High`, `Medium`, `Low`, `none`) | `none` |

README.md

@@ -8,7 +8,7 @@ branding:
 
 inputs:
   version:
-    description: 'Weasel version to use (latest, nightly, or specific version like 0.4.6)'
+    description: 'Weasel version to use (latest, nightly, or specific version like 0.5.0)'
     required: false
     default: 'latest'
   path:

action.yml

@@ -72,7 +72,7 @@ jobs:
 # Specific version
 # - uses: slvDev/weasel@main
 #   with:
-#     version: 0.4.6
+#     version: 0.5.0
 #
 # High severity only, fail on any finding
 # - uses: slvDev/weasel@main

gh-actions-examples/weasel-basic.yml

@@ -1,7 +1,7 @@
 {
   "name": "weasel",
   "description": "Solidity static analyzer with AI-powered security skills for auditing and developing secure smart contracts",
-  "version": "0.4.5",
+  "version": "0.5.0",
   "author": {
     "name": "slvDev"
   }

weasel/.claude-plugin/plugin.json

@@ -85,14 +85,14 @@ USAGE:
     weaselup [OPTIONS]
 
 OPTIONS:
-    -v, --version <VERSION>    Install specific version (e.g., 0.4.6)
+    -v, --version <VERSION>    Install specific version (e.g., 0.5.0)
     --nightly                  Install latest nightly build
     -h, --help                 Show this help message
 
 EXAMPLES:
     weaselup                   Install latest stable version
     weaselup --nightly         Install latest nightly build
-    weaselup -v 0.4.6          Install version 0.4.6
+    weaselup -v 0.5.0          Install version 0.5.0
 EOF
 }