Skip to main content
critiq.dev

Release log

Changelog

High-level release notes for Critiq packages and integrations. For detailed CLI and rule catalog changes, see the docs changelog.

Full details in docs

Release history

critiq-action

View release

v1.0.0

First stable release of the official Critiq GitHub Action on GitHub Marketplace: run the open-source CLI on pull requests with inline review comments, no Critiq Cloud account required.

Added

  • Composite action installs @critiq/cli, runs critiq check, and posts inline PR review comments on the diff.
  • Configurable fail-on-severity gate (off, low, medium, high, critical) after scan and comment posting.
  • comment-mode supports inline, inline+summary, or off for teams that only need JSON or SARIF output.
  • Monorepo support via working-directory and target inputs; reusable workflow at .github/workflows/reusable-critiq.yml.
  • Respects .critiq/config.yaml when present in the repository.

@critiq/rules

View release

v0.1.0

First public release of the open-source rules catalog: security, correctness, performance, quality, and testing rules across supported languages.

Added

  • Public catalog covering security (injection, auth, crypto, egress), correctness, performance, and maintainability rule families.
  • Framework-specific rules for Express, React/JSX, Spring Boot, Rails, Laravel, and other common stacks.
  • Catalog assets validated in CI with rule count checks and fixture-based tests.

Changed

  • Rules workspace extracted from critiq-core into a dedicated @critiq/rules npm package.

@critiq/cli

View release

v0.1.0

First public release of the Critiq CLI: deterministic static analysis with pretty, JSON, SARIF, and HTML output across multiple languages.

Added

  • critiq check with diff, staged, and full-repo scan modes.
  • critiq audit secrets for dedicated secret scanning with configurable secretsScan options.
  • Rule authoring commands: validate, test, normalize, and explain.
  • Language adapters for TypeScript, JavaScript, Java, Go, Python, Ruby, PHP, and Rust with framework-specific security facts.
  • SARIF and HTML output formats for CI and IDE integration.

Changed

  • Workspace split from monolithic core into @critiq/cli and related packages published from critiq-core.