# Changelog

All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [0.1.0] - 2024-03-20

### Added

- **MCP Scanner**: New module to audit Model Context Protocol servers.
  - Registry verification against trusted authors.
  - Risk detection (root access, promiscuous tools, network binding).
  - Configurable trust settings.
- **Threat Catalog**: YAML-based catalog with 40+ threat rules across 6 categories:
  - AI Security (`AI_RISK`).
  - Web Security (`WEB_RISK`).
  - Cryptography Risks (`CRYPTO_RISK`).
  - Secrets & Tokens (`SECRET_RISK`).
  - Prompt Security (`PROMPT_RISK`).
  - Infrastructure & Obfuscation.
- **Reporting**:
  - Rich terminal output with colors and severity badges.
  - JSON export for CI/CD.
  - HTML report generation with interactive UI.
- **CLI**:
  - `audit` command with filtering and output formatting.
  - `config` command to manage trusted entities.
  - `list` command to view the threat catalog.
  - `info` command for detailed threat descriptions.
- **CI/CD Integration**:
  - `--ci-mode` flag for non-zero exit codes.
  - GitHub Actions, GitLab CI, and Jenkins support documented.

### Security

- Implemented robust pattern matching for threat detection.
- Added default `trusted_authors` for MCP packages (`@modelcontextprotocol`, `@anthropic-ai`).