Releases: khezen/codespy

0.4.1

09 Mar 16:35
28a2891

What's Changed

  • default:config: output git: true by @khezen in #21

Full Changelog: 0.4.0...0.4.1

0.4.0

02 Mar 10:36
a3003d8

What's Changed

Full Changelog: 0.3.2...0.4.0

0.3.2

21 Feb 09:36
1ef9b4f

What's Changed

Full Changelog: 0.3.1...0.3.2

0.3.1

15 Feb 12:40
72cdc9f

What's Changed

  • Add code smells and refactor modules arch by @khezen in #12

Full Changelog: 0.3.0...0.3.1

0.3.0

14 Feb 18:59
50c2f47

What's Changed

New Contributors

Full Changelog: 0.2.3...0.3.0

0.2.3

09 Feb 20:32
874d831

What's Changed

  • restrict tools to scope for cost savings on large repo by @khezen in #7

Full Changelog: 0.2.2...0.2.3

0.2.2

08 Feb 17:23
82546d4

What's Changed

Full Changelog: 0.2.1...0.2.2

CI + fixes + Action

08 Feb 16:33
7327add

What's Changed

Fixes to parallelization

CI changes

Action fixes

GitLab Support & Core Improvements

07 Feb 22:23
2784186

Summary:

This PR introduces support for GitLab, alongside significant refactoring, configuration enhancements, and documentation updates. It also streamlines the auditing process by removing the "domain expert" component and improving prompt/output handling.

Key Changes:

  • GitLab Integration: Added core support for GitLab repositories.
  • Configuration & CLI:
      • Implemented the scan_unchanged configuration option for the supply_chain signature.
      • Added a --config flag for specifying configuration files.
      • Updated default behavior to skip auditing the supply chain if no changes are detected.
  • Refactoring & Cleanup:
      • Removed: The "domain expert" component and "is speculative" logic.
      • Renamed: "Security Auditor" component.
      • Merged signatures and improved review management.
  • Output & Prompting:
      • Enhanced output efficiency and formatting.
      • Refined prompts for better results.
  • Documentation: Updated the README and reviewed existing documentation.
  • Misc: Version bump and bug fixes (specifically for supply chain change detection).

CodeSpy AI PR Review Agent

05 Feb 21:21

CodeSpy Code Review Action v1

🔍 Automated AI-powered code review for your pull requests

Add intelligent code review to your CI/CD pipeline with one line of configuration. CodeSpy analyzes your PRs for security vulnerabilities, bugs, and documentation issues—posting inline comments directly on the affected lines.

Features

  • 🔒 Security Analysis - Detects vulnerabilities with CWE references
  • 🐛 Bug Detection - Identifies logic errors, null references, resource leaks
  • 📝 Documentation Review - Checks for missing/outdated docs
  • 🎯 Inline Comments - Issues posted on exact affected lines
  • 🤖 Multi-Provider - Anthropic, OpenAI, AWS Bedrock, Google Gemini

Quick Start

- uses: khezen/codespy@v1
  with:
    model: 'claude-sonnet-4-5-20250929'
    anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}

Highlights

  • Per-signature configuration (enable/disable specific reviewers)
  • Configurable models per analysis type
  • Output variables for issue counts
  • Option to fail CI on critical issues

See the README for full documentation and configuration options.

