From be0bdcbbdc594d33dc5837389645c6250eb73205 Mon Sep 17 00:00:00 2001 From: lintsinghua Date: Tue, 16 Dec 2025 22:11:59 +0800 Subject: [PATCH] docs: remove CHANGELOG.md --- CHANGELOG.md | 99 ---------------------------------------------------- 1 file changed, 99 deletions(-) delete mode 100644 CHANGELOG.md diff --git a/CHANGELOG.md b/CHANGELOG.md deleted file mode 100644 index 8c5384c..0000000 --- a/CHANGELOG.md +++ /dev/null 
@@ -1,99 +0,0 @@ -# Changelog - -All notable changes to this project will be documented in this file. - -The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), -and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). - -## [3.0.0] - 2024-12-15 - -### Highlights - -**DeepAudit v3.0.0** introduces a revolutionary **Multi-Agent Intelligent Audit System**: - -- Multi-Agent Architecture with Orchestrator-driven decision making -- RAG (Retrieval-Augmented Generation) knowledge base enhancement -- Docker sandbox for automated vulnerability verification -- Professional security tool integration - -### Added - -#### Multi-Agent Architecture -- **Orchestrator Agent**: Centralized orchestration for autonomous audit strategy decisions -- **Recon Agent**: Information gathering, technology stack identification, and entry point discovery -- **Analysis Agent**: Deep vulnerability analysis with Semgrep, RAG semantic search, and LLM analysis -- **Verification Agent**: Sandbox testing, PoC generation, false positive filtering - -#### RAG Knowledge Base -- Code semantic understanding with Tree-sitter AST-based chunking -- CWE/CVE vulnerability knowledge base integration -- ChromaDB vector database support -- Multi-language support: Python, JavaScript, TypeScript, Java, Go, PHP, Rust - -#### Security Sandbox -- Docker isolated container for PoC execution -- Resource limits: memory, CPU constraints -- Network isolation with configurable access -- seccomp security policies - -#### Security Tools Integration -- **Semgrep**: Multi-language static analysis -- **Bandit**: Python security scanning -- **Gitleaks**: Secret leak detection -- **TruffleHog**: Deep secret scanning -- **npm audit**: Node.js dependency vulnerabilities -- **Safety**: Python dependency audit -- **OSV-Scanner**: Multi-language dependency vulnerabilities - -#### New Features -- Kunlun-M (MIT License) security scanner integration -- File upload size limit increased 
to 500MB with large file optimization -- Improved task tabs with card-style layout -- Enhanced error handling and project scope filtering -- Streaming LLM token usage reporting with input estimation - -### Changed -- Refactored Agent architecture with dynamic Agent tree -- Expanded high-risk file patterns and dangerous pattern library -- Enhanced sandbox functionality with forced sandbox verification -- Improved report generation with normalized severity comparisons -- Better agent stream stability preventing unnecessary reconnections - -### Fixed -- Agent stream stability issues with correct event buffer draining -- Sandbox tool initialization logging improvements -- Task phase update to REPORTING on completion -- Various UI/UX improvements in AgentAudit component - ---- - -## [2.0.0] - 2024-11-15 - -### Added -- Multi-LLM platform support (OpenAI, Claude, Gemini, Qwen, DeepSeek, Zhipu, etc.) -- Ollama local model support for privacy-focused deployments -- Project management with GitHub/GitLab import -- ZIP file upload support -- Instant code analysis feature -- What-Why-How three-step fix recommendations -- PDF/JSON report export -- Audit rules management (OWASP Top 10 built-in) -- Prompt template management with visual editor -- Runtime LLM configuration in browser -- i18n support (Chinese/English) - -### Changed -- Migrated to FastAPI backend -- React 18 frontend with TypeScript -- PostgreSQL database with Alembic migrations -- Docker Compose deployment support - ---- - -## [1.0.0] - 2024-10-01 - -### Added -- Initial release -- Basic code security audit functionality -- LLM-powered vulnerability detection -- Simple web interface
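Review bot: The commit message "docs: remove CHANGELOG.md" gives no reason for the deletion and names no replacement, while the single hunk (-1,99 +0,0) removes the entire release history for 1.0.0, 2.0.0 and 3.0.0. That history records security-relevant behaviour changes users and auditors rely on when deciding whether to upgrade, for example "Enhanced sandbox functionality with forced sandbox verification", the seccomp policies and network isolation for the PoC sandbox, and the file upload limit raised to 500MB. Please add a commit body stating where release notes are maintained from now on (and link it from the README), or keep the file and correct whatever was wrong with it. If the motivation is stale content, note that the [3.0.0] entry is dated 2024-12-15 while this commit is dated 16 Dec 2025; fixing the entries would preserve the record, where deleting the file loses it.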