Changelog
All notable changes to Firmis are documented here. Format follows Keep a Changelog.
[2.1.0] - 2026-03-31
Added
- firmis accept - risk acceptance with audit trail, expiry dates, version pinning, and AI-suggested dispositions
- Finding states - every finding now has a state (detected, confirmed, dismissed, accepted) that drives security grades
- Security grades - A-F grading computed after deep scan, with grade comparison showing the impact of accepted risks
- MCP server mode (firmis mcp) - run Firmis as an MCP server for agent integration via stdio transport
- Interactive fix flow - per-finding approval with Y/n/s/q/a prompts
- AI disposition - deep scan now suggests accept/fix/investigate for each finding with confidence scores
- Monitor .env protection - new rule blocks .env file writes
- JSON v2.0 schema - new schema_version, scan_mode, state, attack_technique, and reasoning fields
- ISO 42001 and MITRE ATLAS compliance frameworks (now 7 total)
Changed
- Terminology standardized: “pattern”, “threat”, and “hotspot” are now “finding” everywhere
- firmis scan now scans the current directory by default. Use --global for a full project + home scan
- Auth flow: server-side OAuth via Cloudflare Worker. No localhost or Supabase URLs visible
- All pricing amounts and tier names removed from CLI output and reports
- Pentest moved from Pro to Business-only
- license command removed (replaced by account-based tier check via firmis login)
- HTML report: grade badge, filter tabs, visual threat map, expandable findings, risk register section
Fixed
- Confidence display bug (was showing 9000%)
- SARIF output now includes hardening findings at note level
- CI exit code returns 0 when --fail-on is not set
- Badge command hides raw HTTP status codes
[2.0.0] - 2026-03-27
Breaking Changes
- Package renamed from firmis-scanner to firmis-cli
- JSON output schema updated to v2.0 (new fields, removed deprecated interfaces)
- buildBucketedOutput alias removed
- ConfirmedThreatEntry and ExpectedBehaviorEntry types removed
Added
- Deep scan - AI-powered finding verification with server-side analysis (5 credits per component)
- Workspace - complete dashboard rewrite with projects, scan history, billing, and onboarding
- LemonSqueezy billing - account-based subscriptions and credit packs
- Cloud sync - scan results, fix logs, and monitor events sync to workspace
Migration
- Update imports: firmis-scanner to firmis-cli
- Update npx commands: npx firmis-scanner to npx firmis-cli
- JSON consumers: handle the new state field on findings and schema_version: "2.0"
[1.7.0] - 2026-03-11
Added
- firmis init - one-command project setup: detects AI tools, runs first scan, generates .firmisrc.json, shows next steps with contextual upgrade path
- GitHub Action (firmislabs/firmis-scanner@v1) - composite action with PR grade badge comments, HTML report artifacts, and optional workspace sync
- 8 new detection rules across agent-memory-poisoning, credential-harvesting, insecure-config, known-malicious, network-abuse, prompt-injection, supply-chain, and tool-poisoning categories
- Total rules: 269 across 26 categories
- Behavioral scoring wired into runtime monitor decision engine
- Training data pipeline: auto-export labeled sessions, synthetic data generation, weight calibration via grid search
Fixed
- Behavioral scoring was not triggering decisions (score scale mismatch: 0-1 vs 0-100)
- Slowdrip attack template missing exfiltration phase (100% false negative rate)
[1.6.1] - 2026-03-10
Added
- Cloud workspace Phase 1 MVP (Cloudflare Pages deployment)
- firmis login, firmis logout, firmis whoami commands
- --sync flag for scan result upload to firmislabs.com
- firmis badge for README security grade badge
- Post-scan CTA for lead generation
- Scan history with local storage
[1.3.0] - 2026-03-01
Added
- 34 new detection rules: access-control (3 rules), insecure-config (3 rules), expanded credential-harvesting, prompt-injection, supply-chain, and suspicious-behavior categories
- Nanobot platform analyzer
- Total rules: 209 across 26 categories
Fixed
- False positive reduction in secret detection for test fixtures
- Discovery timeout on large monorepos (500-file limit per component)
- Cross-platform finding deduplication
Security
- Input validation on component names (path traversal prevention)
- MAX_FILES_PER_COMPONENT=500 limit (DoS prevention)
[1.2.0] - 2026-02-18
Added
- Credential harvesting and prompt injection rule hardening (Sprint B)
- Supply chain detection improvements
- Cross-platform dedup engine (src/scanner/dedup.ts)
Fixed
- YAML escaping issues ('\' → '' for literal quotes)
- PlatformRegistry singleton state persistence across tests
- Broad regex false positives in secret detection
Security
- Component name validation against path traversal and XSS
[1.1.0] - 2026-02-16
Added
- 8 platform analyzers: Claude, MCP, Codex, Cursor, CrewAI, AutoGPT, OpenClaw, Nanobot
- 175+ YAML detection rules across 12 threat categories
- YARA-like pattern matching engine
- Secret detection (60 rules)
- OSV vulnerability scanning
- Discovery + Agent BOM (CycloneDX 1.7)
- CI pipeline command (firmis ci)
- SARIF 2.1.0 and HTML report output
[1.0.0] - 2026-02-12
Added
- Initial release
- Core scan engine with regex pattern matching
- Terminal and JSON output formats
- scan, list, validate commands