
Releases: trustabl/trustabl-action

v0.4.0 — Enrich: AI explanations, auto-fix, and fix PRs

10 Jun 02:05
@jaysonsantos05
Commit 973f666, created on GitHub.com and signed with GitHub's verified signature (GPG key ID: B5690EEEBB952194).

Changelog entry:

[0.4.0] - 2026-06-10

Added

  • Enrich surface — runs trustabl enrich after the scan to generate AI
    explanations and exact code fixes for each finding (BYOK via llm-key)
  • auto-enrich — applies AI-generated fixes directly to source files
  • create-fix-pr — commits patches on a new branch and opens a PR for
    human review; fix PR URL appears in the Step Summary and sticky PR comment
  • enriched.json included in the artifact when enrich runs
  • llm-provider input for future multi-provider support (default: anthropic)
  • enrich-model input to override the Claude model (default: claude-haiku-4-5)
  • enrich-rules input to filter enrichment to specific rule IDs
  • New outputs: enrich-json-file, fix-pr-url
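A workflow that wires the v0.4.0 enrich surface end to end, as an added example and not taken from the action's README. The input names come from the list above; the owner/repo path of the action, the secret name, the `contents: write` requirement (pushing a fix branch needs write access on contents, which the page does not state), and the fork guard are assumptions.

```yaml
name: Trustabl
on: [push, pull_request]

permissions:
  contents: write         # assumed: create-fix-pr must push the fix branch
  pull-requests: write    # sticky PR comment and opening the fix PR
  security-events: write  # SARIF upload to the Security tab

jobs:
  scan:
    runs-on: ubuntu-latest
    # Pull requests from forks run with a read-only GITHUB_TOKEN and no repo
    # secrets, so llm-key would be empty and the fix PR could not be opened.
    # Skip enrichment for them; same-repo PRs and pushes get the full run.
    if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository
    steps:
      - uses: actions/checkout@v4
      - uses: trustabl/trustabl-action@v0.4.0   # assumed Marketplace path; pin the exact tag
        with:
          upload-sarif: true
          llm-key: ${{ secrets.ANTHROPIC_API_KEY }}   # BYOK; the secret name is an assumption
          llm-provider: anthropic
          enrich-model: claude-haiku-4-5
          auto-enrich: false     # leave the checkout untouched; route fixes through a PR
          create-fix-pr: true    # patches land on a new branch for human review
```

Two things to keep in mind when reviewing the result: `auto-enrich` writes model-generated patches straight into the working tree, so keeping it off and letting `create-fix-pr` carry the changes preserves a review step; and a PR opened with the runner's `GITHUB_TOKEN` does not trigger other workflows, so the fix branch will not be re-scanned automatically until someone pushes to it or the workflow is run against it by hand.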

v0.3.1 — Node.js 24 runtime + docs refresh

08 Jun 17:11
@jhumel-code
Commit 57d4363, created on GitHub.com and signed with GitHub's verified signature (GPG key ID: B5690EEEBB952194).

A maintenance release. @v0 now points here.

Changed

  • Node.js 24 runtime (runs.using: node24), ahead of GitHub's Node 20 deprecation: runners default to Node 24 on 2026-06-16 and remove Node 20 on 2026-09-16. No behavior change; the bundled dist/ is identical to v0.3.0, and build CI and engines are bumped to Node 24 to match. (GitHub-hosted runners already support Node 24; self-hosted runners need Node 24 available.)

Docs

  • Corrected the coverage claim to the analyzer's real surface: Claude / OpenAI / Google ADK / LangChain / CrewAI / Pydantic AI / Vercel AI / AutoGen SDKs, MCP servers, and Claude subagents & skills.
  • Expanded the detectors token list to the full set; added a how-it-works note for the opt-in vuln-scan; bumped install pins to v0.3.1.

Full notes: CHANGELOG.md


v0.3.0 — engine v0.1.4 support (line ranges + vuln-scan)

08 Jun 16:30
@jhumel-code
Commit 43e2066, created on GitHub.com and signed with GitHub's verified signature (GPG key ID: B5690EEEBB952194).

First Marketplace release of the node20 TypeScript action — the listing previously served the bash v0.1.x. @v0 now points here.

Engine v0.1.4 support

  • Line-range annotations. Inline annotations consume the engine's start_line/end_line (with a legacy line fallback so older pinned engines still work) and span multi-line findings. Fixes annotations collapsing to the top of the file against the latest engine.
  • vuln-scan input (default false). Matches declared dependencies against a pinned OSV snapshot and reports known CVEs as findings — they flow through the readiness score, gating, inline annotations, and the Security tab, plus a dependency headline (scanned / known-vulnerable) in the console panel, Step Summary, and PR comment.
  • skill scope support; MIN_ENGINE_VERSION pinned to v0.1.3.
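The line-range fallback described above, as an added example rather than the action's own code: it turns engine findings into GitHub workflow-command annotations, consuming start_line/end_line and falling back to the legacy single line field for older pinned engines. The finding shape, the sample rule IDs and the severity-to-level mapping are assumptions; the escaping rules are the ones workflow commands require.

```typescript
// Added example (not trustabl-action's own code): annotate findings from
// start_line/end_line, with the legacy `line` fallback for older engines.
// Finding shape and severity mapping are assumptions, not the engine's schema.

type Severity = "critical" | "high" | "medium" | "low" | "info";

interface EngineFinding {
  file: string;
  rule_id: string;
  severity: Severity;
  message: string;
  start_line?: number; // engine v0.1.4+: first line of the span
  end_line?: number;   // engine v0.1.4+: last line of the span
  line?: number;       // legacy engines: single line only
}

interface LineRange { startLine: number; endLine: number }

// Prefer the range; fall back to the legacy line. With neither present the
// annotation lands on line 1, which is the "collapsed to the top of the
// file" symptom the v0.3.0 notes describe.
function findingRange(f: EngineFinding): LineRange {
  const startLine = f.start_line !== undefined ? f.start_line
                  : f.line !== undefined ? f.line : 1;
  const endLine = f.end_line !== undefined ? Math.max(startLine, f.end_line) : startLine;
  return { startLine, endLine };
}

// Assumed mapping onto the three annotation levels GitHub supports.
function annotationLevel(sev: Severity): "error" | "warning" | "notice" {
  if (sev === "critical" || sev === "high") return "error";
  if (sev === "medium") return "warning";
  return "notice";
}

// Workflow-command escaping (the same rules @actions/core applies):
// message data escapes %, CR and LF; property values also escape ':' and ','.
function escapeData(s: string): string {
  return s.replace(/%/g, "%25").replace(/\r/g, "%0D").replace(/\n/g, "%0A");
}
function escapeProperty(s: string): string {
  return escapeData(s).replace(/:/g, "%3A").replace(/,/g, "%2C");
}

// Emit "::<level> file=...,line=...,endLine=...,title=...::<message>".
function toWorkflowCommand(f: EngineFinding): string {
  const { startLine, endLine } = findingRange(f);
  const props = [
    `file=${escapeProperty(f.file)}`,
    `line=${startLine}`,
    `endLine=${endLine}`,
    `title=${escapeProperty(f.rule_id)}`,
  ].join(",");
  return `::${annotationLevel(f.severity)} ${props}::${escapeData(f.message)}`;
}

// Constructed sample findings; rule IDs are placeholders, not real rules.
const SAMPLE_FINDINGS: EngineFinding[] = [
  { file: "agent.py", rule_id: "example-rule-1", severity: "high",
    message: "multi-line finding", start_line: 40, end_line: 52 },
  { file: "server.py", rule_id: "example-rule-2", severity: "medium",
    message: "legacy single-line finding", line: 12 },
];

for (const f of SAMPLE_FINDINGS) console.log(toWorkflowCommand(f));
```

The escaping matters more than it looks: a finding message containing a newline or `::` would otherwise let the engine's output inject a second workflow command into the runner's log stream.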

In this listing (TypeScript rewrite, since the bash v0.1.x)

  • Inline PR annotations + GitHub Security tab (SARIF upload), a sticky PR comment, and a readiness panel in the run log + Step Summary.
  • Single scan (JSON + SARIF from one pass), sha256-verified binary install, and honest gating (a failed/empty scan errors instead of scoring a clean 100).

Migration

  • Grant permissions as needed: security-events: write (Security tab) and pull-requests: write (sticky comment). Without them the action degrades gracefully and never fails solely because a surface was unavailable.
  • Pin @v0.3.0, or track the line with @v0.

Full notes: CHANGELOG.md


v0.1.2

01 Jun 03:50
@sairenchristianbuerano

v0.1.2 — 2026-06-01

Added

  • Readiness score-bar panel. The console box and the Step Summary now lead
    with bar gauges: current readiness vs a projected readiness — what the
    score would be if findings are resolved — computed from the single scan with
    no second run. The projection re-applies trustabl's own scoring
    (per-finding severityWeight × confidence, per-tool max(0, 1 − weighted/3),
    overall = min across tools), so the number matches what a real re-scan
    would produce.
  • Per-severity breakdown. Finding counts for critical / high / medium / low /
    info, each with a bar scaled to the largest bucket and tinted by severity.
  • Projected headroom ladder. A cumulative per-severity projection —
    fix critical → +high → +medium → +low → +info — each row showing
    before → after (+Δ), so you can see which severity tier actually unlocks
    the score.

Changed

  • Console box and Step Summary restyled around the score bars and the ladder.
    The raw metric table (repository, branch, readiness, risk, findings,
    max-severity, native exit) is retained below the panel.
  • Console box frame is now ASCII (+ - |) instead of Unicode box-drawing. Long
    runs of 3-byte box glyphs on the divider lines were being split mid-character
    by log viewers that buffer on byte boundaries, surfacing as U+FFFD (�); ASCII
    is 1 byte/column and immune. Row separators are colored to match the frame.

Fixed

  • CRLF in jq output on Windows runners. Projection values read from jq are
    stripped of \r, so a trailing carriage return can no longer break the
    $(( )) arithmetic on Windows.

Notes

  • Projected scores are an estimate, not a re-scan: each resolved finding is
    assumed removed cleanly with nothing new introduced, and trustabl's confidence
    inputs are heuristic — treat the numbers as guidance. "Projected all" is the
    ceiling (≈100 whenever any findings exist); the ladder and the severity
    breakdown carry the actionable detail.
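The projection and headroom ladder from the Added list above, carried through in code. This is an added example, not trustabl's scoring code: it re-applies the formula the notes give (per-finding severityWeight × confidence, per-tool max(0, 1 − weighted/3), overall = min across tools) and builds the cumulative critical → high → medium → low → info ladder from one scan, with the Notes caveat built in: each step simply drops the resolved findings and assumes nothing new is introduced. The severity weights, the finding shape and the sample scan are assumptions; the page does not give them.

```typescript
// Added example (not trustabl's own code). Weights and finding shape are
// assumptions; only the formula and the ladder order come from the notes.

type Severity = "critical" | "high" | "medium" | "low" | "info";

interface Finding {
  tool: string;       // detector that raised it, e.g. "claude_sdk"
  severity: Severity;
  confidence: number; // 0..1, heuristic, so treat projections as guidance
}

const SEVERITY_ORDER: Severity[] = ["critical", "high", "medium", "low", "info"];

// Assumed weights: the page only says a per-severity weight exists.
const SEVERITY_WEIGHT: Record<Severity, number> = {
  critical: 1.0, high: 0.7, medium: 0.4, low: 0.2, info: 0.05,
};

const round1 = (x: number): number => Math.round(x * 10) / 10;

// Readiness on 0..100: for each tool, 100 * max(0, 1 - weighted/3) where
// weighted = sum(severityWeight * confidence); overall = min across tools.
function readiness(findings: Finding[]): number {
  if (findings.length === 0) return 100; // the "projected all" ceiling
  const weightedByTool: Record<string, number> = {};
  for (const f of findings) {
    const w = SEVERITY_WEIGHT[f.severity] * f.confidence;
    weightedByTool[f.tool] = (weightedByTool[f.tool] || 0) + w;
  }
  let overall = 1;
  for (const tool in weightedByTool) {
    overall = Math.min(overall, Math.max(0, 1 - weightedByTool[tool] / 3));
  }
  return round1(overall * 100);
}

function severityBreakdown(findings: Finding[]): Record<Severity, number> {
  const counts: Record<Severity, number> = { critical: 0, high: 0, medium: 0, low: 0, info: 0 };
  for (const f of findings) counts[f.severity] += 1;
  return counts;
}

interface LadderRow { fix: Severity; before: number; after: number; delta: number }

// Cumulative projection: resolve critical, then +high, +medium, +low, +info.
// Each row assumes the resolved findings vanish cleanly (the Notes caveat).
function headroomLadder(findings: Finding[]): LadderRow[] {
  const rows: LadderRow[] = [];
  const resolved = new Set<Severity>();
  let before = readiness(findings);
  for (const sev of SEVERITY_ORDER) {
    resolved.add(sev);
    const after = readiness(findings.filter(f => !resolved.has(f.severity)));
    rows.push({ fix: sev, before, after, delta: round1(after - before) });
    before = after;
  }
  return rows;
}

// Constructed sample scan (not real engine output).
const SAMPLE: Finding[] = [
  { tool: "claude_sdk", severity: "critical", confidence: 0.9 },
  { tool: "claude_sdk", severity: "high", confidence: 0.8 },
  { tool: "claude_sdk", severity: "medium", confidence: 0.5 },
  { tool: "mcp", severity: "high", confidence: 1.0 },
  { tool: "mcp", severity: "low", confidence: 0.6 },
  { tool: "mcp", severity: "info", confidence: 1.0 },
];

console.log("readiness:", readiness(SAMPLE), "breakdown:", severityBreakdown(SAMPLE));
for (const r of headroomLadder(SAMPLE)) {
  console.log(`fix ${r.fix}: ${r.before} -> ${r.after} (+${r.delta})`);
}
```

With the sample scan the ladder shows why the min-across-tools rule matters: fixing the single critical finding moves the score only as far as the second tool's own score (the mcp detector still holds it down), so the first two tiers together unlock most of the headroom while the low/info tiers barely move it.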

Capabilities

  • Static reliability/safety scan for agent-SDK repos (Claude Agent SDK,
    OpenAI Agents SDK, Google ADK, MCP) — runs the upstream trustabl binary over
    your checkout, no daemon or hosted service.
  • Composite + cross-platform: ubuntu-*, macos-*, windows-* on x64/arm64;
    binary is tool-cached so reruns are fast.
  • Two machine outputs — full JSON ScanResult and SARIF 2.1.0, uploaded as
    a downloadable artifact (Code Scanning upload is opt-in via upload-sarif).
  • CI gates — fail the job on a risk-score-threshold and/or a
    severity-threshold; both independent, both default-off (zero-config = scan
    only).
  • Readiness panel — colored score-bar report in the log and the run's Step
    Summary: current vs projected readiness, per-severity breakdown, and the
    fix-headroom ladder.
  • Step outputs for downstream: readiness-score, risk-score, max-severity,
    findings-count, exit-code, plus file/artifact paths.
  • Zero-config — minimum call is uses: trustabl/actions@v0.1.2 after
    actions/checkout; every input has a sensible default.

Usage

Minimal — drop into .github/workflows/trustabl.yml:

name: Trustabl
on: [push, pull_request]
permissions:
  contents: read
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: trustabl/actions@v0.1.2

Pinned + gated:

- uses: trustabl/actions@v0.1.2
  with:
    version: v0.5.0                  # pin the trustabl binary for reproducible CI
    detectors: claude_sdk,openai_sdk
    severity-threshold: high         # fail on any high or critical finding
    risk-score-threshold: 70         # fail if risk (100 - readiness) >= 70
    upload-sarif: true               # also requires: permissions → security-events: write

v0.1.1

27 May 00:32
@sairenchristianbuerano

Patch release. Single bug fix for branch resolution on remote URL targets.

v0.1.1

Fixed

  • Branch row showed unknown for https://github.com/OWNER/NAME targets. The resolver only inspected local checkouts, so URL-based scans had no signal to read. v0.1.1 calls gh api repos/OWNER/NAME --jq .default_branch using the runner's ${{ github.token }} and shows the remote's default branch — the same one trustabl actually clones and scans.

Local-path targets still prefer main → master → HEAD. unknown remains the documented last resort.

Usage

name: Trustabl
on: [push, pull_request]
permissions:
  contents: read
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: trustabl/actions@v0.1.1

v0.1.0

26 May 14:10
@sairenchristianbuerano

First Marketplace release. Reusable composite Action that runs trustabl — the static reliability/safety analyzer for agent-SDK repos (Claude Agent SDK, OpenAI Agents SDK, Google ADK, MCP) — against any repository and gates the pipeline on readiness, risk, or severity thresholds.

⚠️ 0.x pre-stable. Pin to @v0.1.0 (not a sliding @v0). Minor bumps may carry breaking changes until 1.0.0.

Quick start

name: Trustabl
on: [push, pull_request]
permissions:
  contents: read
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: trustabl/actions@v0.1.0

Full Changelog: https://github.com/trustabl/actions/commits/v0.1.0