circle-ir-ai 2.13.1 → 2.13.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +30 -0
- package/package.json +2 -2
package/CHANGELOG.md
CHANGED
|
@@ -5,6 +5,36 @@ All notable changes to this project will be documented in this file.
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
6
6
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
+
## [2.13.2] - 2026-06-20
|
|
9
|
+
|
|
10
|
+
### Changed — bump circle-ir 3.84.0 → 3.85.0
|
|
11
|
+
|
|
12
|
+
Picks up circle-ir@3.85.0 which lands the 4-gate context-aware
|
|
13
|
+
entropy detector (cogniumhq/cognium-dev#125 — closed by elarasu).
|
|
14
|
+
|
|
15
|
+
Net effect on the testharness top-20 Java OSS corpus:
|
|
16
|
+
|
|
17
|
+
| Pattern | Before | After |
|
|
18
|
+
|---|---|---|
|
|
19
|
+
| PlantUML `@Original(key=…)` annotations | ~530 FPs | 0 (Gate 1: annotation-arg span) |
|
|
20
|
+
| hutool SolarTerms astronomical-data array | 36 FPs | 0 (Gate 3: string-array constant table) |
|
|
21
|
+
| Base64 CSS resource blobs | 110 FPs | 0 (Gate 4: field-name strengthening) |
|
|
22
|
+
| PSystemDonors public-display strings | 24 FPs | 0 (Gate 4) |
|
|
23
|
+
| Base32/Base58 public alphabet | 8 FPs | 0 (Gate 4) |
|
|
24
|
+
| **Entropy-layer FPs eliminated** | **708 / 762** | **0** |
|
|
25
|
+
|
|
26
|
+
Provider-pattern recall (AWS AKIA, GitHub `ghp_`, Stripe `sk_live_`,
|
|
27
|
+
OpenAI `sk-`, Anthropic `sk-ant-`, JWT, PEM, etc.) and the named-credential
|
|
28
|
+
matcher (`isLikelyCredentialAssignment`) are unaffected — both run on
|
|
29
|
+
separate detector layers from the gated entropy layer.
|
|
30
|
+
|
|
31
|
+
Verification:
|
|
32
|
+
- `npm run typecheck` clean
|
|
33
|
+
- `npm test` — 848 passed + 3 skipped (no regressions vs 2.13.1)
|
|
34
|
+
|
|
35
|
+
No source changes in this package; effect is fully delivered by the
|
|
36
|
+
upstream entropy-pass refactor in circle-ir.
|
|
37
|
+
|
|
8
38
|
## [2.13.1] - 2026-06-20
|
|
9
39
|
|
|
10
40
|
### Changed — bump circle-ir 3.82.0 → 3.84.0
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "circle-ir-ai",
|
|
3
|
-
"version": "2.13.
|
|
3
|
+
"version": "2.13.2",
|
|
4
4
|
"description": "LLM-enhanced SAST analysis built on circle-ir",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"module": "dist/index.js",
|
|
@@ -95,7 +95,7 @@
|
|
|
95
95
|
"dependencies": {
|
|
96
96
|
"@ax-llm/ax": "^20.0.0",
|
|
97
97
|
"@mastra/core": "^1.18.0",
|
|
98
|
-
"circle-ir": "3.
|
|
98
|
+
"circle-ir": "3.85.0",
|
|
99
99
|
"minimatch": "^10.2.5",
|
|
100
100
|
"p-queue": "^9.1.0"
|
|
101
101
|
},
|