CodeReview/CHANGELOG.md

# Changelog

All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [3.0.0] - 2024-12-15

### Highlights

**DeepAudit v3.0.0** introduces a revolutionary **Multi-Agent Intelligent Audit System**:

- Multi-Agent Architecture with Orchestrator-driven decision making
- RAG (Retrieval-Augmented Generation) knowledge base enhancement
- Docker sandbox for automated vulnerability verification
- Professional security tool integration

### Added

#### Multi-Agent Architecture
- **Orchestrator Agent**: Centralized orchestration for autonomous audit strategy decisions
- **Recon Agent**: Information gathering, technology stack identification, and entry point discovery
- **Analysis Agent**: Deep vulnerability analysis with Semgrep, RAG semantic search, and LLM analysis
- **Verification Agent**: Sandbox testing, PoC generation, false positive filtering

#### RAG Knowledge Base
- Code semantic understanding with Tree-sitter AST-based chunking
- CWE/CVE vulnerability knowledge base integration
- Milvus/ChromaDB vector database support
- Multi-language support: Python, JavaScript, TypeScript, Java, Go, PHP, Rust

#### Security Sandbox
- Docker isolated container for PoC execution
- Resource limits: memory, CPU constraints
- Network isolation with configurable access
- seccomp security policies

#### Security Tools Integration
- **Semgrep**: Multi-language static analysis
- **Bandit**: Python security scanning
- **Gitleaks**: Secret leak detection
- **TruffleHog**: Deep secret scanning
- **npm audit**: Node.js dependency vulnerabilities
- **Safety**: Python dependency audit
- **OSV-Scanner**: Multi-language dependency vulnerabilities

#### New Features
- Kunlun-M (MIT License) security scanner integration
- File upload size limit increased to 500MB with large file optimization
- Improved task tabs with card-style layout
- Enhanced error handling and project scope filtering
- Streaming LLM token usage reporting with input estimation

### Changed
- Refactored Agent architecture with dynamic Agent tree
- Expanded high-risk file patterns and dangerous pattern library
- Enhanced sandbox functionality with forced sandbox verification
- Improved report generation with normalized severity comparisons
- Better agent stream stability preventing unnecessary reconnections

### Fixed
- Agent stream stability issues with correct event buffer draining
- Sandbox tool initialization logging improvements
- Task phase update to REPORTING on completion
- Various UI/UX improvements in AgentAudit component

---

## [2.0.0] - 2024-11-15

### Added
- Multi-LLM platform support (OpenAI, Claude, Gemini, Qwen, DeepSeek, Zhipu, etc.)
- Ollama local model support for privacy-focused deployments
- Project management with GitHub/GitLab import
- ZIP file upload support
- Instant code analysis feature
- What-Why-How three-step fix recommendations
- PDF/JSON report export
- Audit rules management (OWASP Top 10 built-in)
- Prompt template management with visual editor
- Runtime LLM configuration in browser
- i18n support (Chinese/English)

### Changed
- Migrated to FastAPI backend
- React 18 frontend with TypeScript
- PostgreSQL database with Alembic migrations
- Docker Compose deployment support

---

## [1.0.0] - 2024-10-01

### Added
- Initial release
- Basic code security audit functionality
- LLM-powered vulnerability detection
- Simple web interface
fix(agent): 修复工具执行结果处理中的 None 值问题修复 AgentTool 和外部工具类中结果处理逻辑，确保 data 字段不为 None 添加调试日志和错误处理，改进工具执行失败时的反馈信息统一所有工具类的错误处理格式，避免前端显示 "None" 字符串 2025-12-15 10:24:58 +08:00			`# Changelog`

			`All notable changes to this project will be documented in this file.`

			`The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),`
			`and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).`

			`## [3.0.0] - 2024-12-15`

			`### Highlights`

			`DeepAudit v3.0.0 introduces a revolutionary Multi-Agent Intelligent Audit System:`

			`- Multi-Agent Architecture with Orchestrator-driven decision making`
			`- RAG (Retrieval-Augmented Generation) knowledge base enhancement`
			`- Docker sandbox for automated vulnerability verification`
			`- Professional security tool integration`

			`### Added`

			`#### Multi-Agent Architecture`
			`- Orchestrator Agent: Centralized orchestration for autonomous audit strategy decisions`
			`- Recon Agent: Information gathering, technology stack identification, and entry point discovery`
			`- Analysis Agent: Deep vulnerability analysis with Semgrep, RAG semantic search, and LLM analysis`
			`- Verification Agent: Sandbox testing, PoC generation, false positive filtering`

			`#### RAG Knowledge Base`
			`- Code semantic understanding with Tree-sitter AST-based chunking`
			`- CWE/CVE vulnerability knowledge base integration`
			`- Milvus/ChromaDB vector database support`
			`- Multi-language support: Python, JavaScript, TypeScript, Java, Go, PHP, Rust`

			`#### Security Sandbox`
			`- Docker isolated container for PoC execution`
			`- Resource limits: memory, CPU constraints`
			`- Network isolation with configurable access`
			`- seccomp security policies`

			`#### Security Tools Integration`
			`- Semgrep: Multi-language static analysis`
			`- Bandit: Python security scanning`
			`- Gitleaks: Secret leak detection`
			`- TruffleHog: Deep secret scanning`
			`- npm audit: Node.js dependency vulnerabilities`
			`- Safety: Python dependency audit`
			`- OSV-Scanner: Multi-language dependency vulnerabilities`

			`#### New Features`
			`- Kunlun-M (MIT License) security scanner integration`
			`- File upload size limit increased to 500MB with large file optimization`
			`- Improved task tabs with card-style layout`
			`- Enhanced error handling and project scope filtering`
			`- Streaming LLM token usage reporting with input estimation`

			`### Changed`
			`- Refactored Agent architecture with dynamic Agent tree`
			`- Expanded high-risk file patterns and dangerous pattern library`
			`- Enhanced sandbox functionality with forced sandbox verification`
			`- Improved report generation with normalized severity comparisons`
			`- Better agent stream stability preventing unnecessary reconnections`

			`### Fixed`
			`- Agent stream stability issues with correct event buffer draining`
			`- Sandbox tool initialization logging improvements`
			`- Task phase update to REPORTING on completion`
			`- Various UI/UX improvements in AgentAudit component`

			`---`

			`## [2.0.0] - 2024-11-15`

			`### Added`
			`- Multi-LLM platform support (OpenAI, Claude, Gemini, Qwen, DeepSeek, Zhipu, etc.)`
			`- Ollama local model support for privacy-focused deployments`
			`- Project management with GitHub/GitLab import`
			`- ZIP file upload support`
			`- Instant code analysis feature`
			`- What-Why-How three-step fix recommendations`
			`- PDF/JSON report export`
			`- Audit rules management (OWASP Top 10 built-in)`
			`- Prompt template management with visual editor`
			`- Runtime LLM configuration in browser`
			`- i18n support (Chinese/English)`

			`### Changed`
			`- Migrated to FastAPI backend`
			`- React 18 frontend with TypeScript`
			`- PostgreSQL database with Alembic migrations`
			`- Docker Compose deployment support`

			`---`

			`## [1.0.0] - 2024-10-01`

			`### Added`
			`- Initial release`
			`- Basic code security audit functionality`
			`- LLM-powered vulnerability detection`
			`- Simple web interface`