Version: main-dev

What's New

A summary of new features and improvements in each release of regis. For the complete list of changes, see the full changelog.

v0.29.0 — April 22, 2026

Highlights

feat(ci): Sprint 1 — M001 deliverables (snapshot retention, snapshot date, action dogfooding, docs) (#494)

Snapshot retention policy: only minor releases snapshotted, last 3 minors + main kept, oldest auto-pruned on 4th minor
snapshot_date surfaced in HTML dashboard, terminal output, and JSON report
CI dogfood workflow (ci-action-dogfood.yml) exercises regis-security-analysis on every push to main
README ## GitHub Action section with Marketplace link and YAML usage snippet

✨ Features

ci: integrate pip-audit severity gate, SBOM artifacts, and provenance attestation (#458)
ci: Sprint 1 — M001 deliverables (snapshot retention, snapshot date, action dogfooding, docs) (#494)
cli: add create-playbook OMC skill (#435)
playbook: playbook bundles with metadata validation and --rerun support (#438)

🐛 Bug Fixes

deps: cap webpack below 5.106.0 to fix Docusaurus build (#416)

v0.28.6 — April 16, 2026

🐛 Bug Fixes

deps: add pnpm to Docker image for bootstrap commands (#401)

v0.28.5 — April 16, 2026

🐛 Bug Fixes

ci: add .dockerignore to fix dubious ownership error in Docker build (#383)

v0.28.4 — April 16, 2026

🐛 Bug Fixes

ci: resolve docker build failure by using setuptools-scm version fallback (#380)
deps: align react-dom with react at 19.2.5 in docs/website (#376)

v0.28.3 — April 15, 2026

Highlights

docs: comprehensive documentation quality improvements + bug fixes (#262)

Comprehensive documentation quality pass plus three pre-existing bug fixes.

🐛 Bug Fixes

Add fallback to pre-built dashboard assets for bundled mode (#369)
ci: correct release-please manifest to v0.28.2 (actual last release)
ci: stop docs snapshot from hijacking release-please PRs (#373)

v0.28.3 — April 15, 2026

Highlights

docs: comprehensive documentation quality improvements + bug fixes (#262)

Comprehensive documentation quality pass plus three pre-existing bug fixes.

🐛 Bug Fixes

Add fallback to pre-built dashboard assets for bundled mode (#369)

v0.28.2 — April 10, 2026

Highlights

docs: comprehensive documentation quality improvements + bug fixes (#262)

Comprehensive documentation quality pass plus three pre-existing bug fixes.

🐛 Bug Fixes

deps: regenerate pnpm lockfile to match bumped dependency specifiers (#363)

v0.28.1 — April 10, 2026

Highlights

docs: comprehensive documentation quality improvements + bug fixes (#262)

Comprehensive documentation quality pass plus three pre-existing bug fixes.

🐛 Bug Fixes

ci: open a PR for docs snapshots instead of pushing to main (#265)
ci: reset release-please manifest to v0.28.0 (#318)
config: update launch.json to use correct report-viewer package name (#281)
Regenerate alpine playbook example with correct baseUrl (#283)

v0.28.1 — April 10, 2026

Highlights

docs: comprehensive documentation quality improvements + bug fixes (#262)

Comprehensive documentation quality pass plus three pre-existing bug fixes.

🐛 Bug Fixes

ci: open a PR for docs snapshots instead of pushing to main (#265)

v0.28.0 — April 10, 2026

Highlights

docs: comprehensive documentation quality improvements + bug fixes (#262)

Comprehensive documentation quality pass plus three pre-existing bug fixes.

feat(cli): add GitLab integration to dashboard (API proxy, trigger, webhooks, UI) (#261)

Phases 2-5 of the dashboard GitLab integration (Phase 1 merged in #259):

GitLab API proxy — GET /api/gitlab/mrs, /mrs/{iid}, /pipelines with server-side token
Pipeline trigger — POST /api/gitlab/trigger with {image_url, ref}
Webhook receiver — POST /api/webhooks/gitlab for MR/pipeline events + SSE stream at /api/events
Dashboard UI — /gitlab page with MR list, trigger form, and MR comparison tabs

Config via CLI or env vars: --gitlab-url, --gitlab-token, --gitlab-project, --webhook-secret

feat(cli): migrate dashboard serve to FastAPI (#259)

Migrate regis dashboard serve from stdlib http.server to FastAPI + uvicorn
Add regis/server/app.py with FastAPI app factory (report.json, archives.json, health endpoint, SPA fallback)
Add fastapi, uvicorn[standard] as runtime deps and httpx as dev dep
Full backward compatibility: same CLI interface, same behavior

This is Phase 1 of the dashboard GitLab integration plan — lays the foundation for API endpoints (GitLab proxy, webhook receiver, pipeline trigger) in future phases.

feat(cli): add bootstrap gitlab-ci wizard for Request-to-MR pipeline (#255)

Add regis bootstrap gitlab-ci command that scaffolds the complete GitLab CI pipeline for the self-service Request-to-MR analysis workflow
Generates .gitlab-ci.yml (3-job pipeline: request_analysis, analyze_image, push_results), playbook.yaml (with integrations.gitlab), and CI-VARIABLES.md
Supports --no-input for non-interactive scaffolding
Post-install notes guide users through variable setup and first run

Phase 1 of: CLI wizard -> web form -> GitLab UI widget -> dashboard integration.

feat(cli): add archive configure command for multi-archive setup (#253)

Add regis archive configure command with --add, --list, --remove flags and interactive mode for creating/editing archives.json
Validates output against archives.schema.json
Add post-install notes to the archive bootstrap template showing how to set up multiple archives
Add multi-archive usage guide to Docusaurus docs at /usage/multi-archive

✨ Features

cli: add GitLab integration to dashboard (API proxy, trigger, webhooks, UI) (#261)
cli: migrate dashboard serve to FastAPI (#259)

🐛 Bug Fixes

docs: repair broken rebrand links + rebuild next on push to main (#263)

v0.27.0 — April 9, 2026

Highlights

chore(cli): rebrand project from regis-cli to Regis (#185)

Full project rebrand from regis-cli to Regis (Registry Scores)
Clean-cut rename of Python module regis_cli/ → regis/ with no deprecation shim
Renamed PyPI package (regis), console script (regis), and all entry points
Updated Dockerfile, GitHub Action, workflows, docs site, report-viewer, and README
Updated trunk config: bandit threshold set to medium to avoid blocking on pre-existing low-severity subprocess warnings surfaced by file rename

feat(ci): reusable GitHub composite action for container image analysis (#183)

Adds action.yml at the repository root, enabling uses: trivoallan/regis-cli@VERSION as a single-step integration
Wraps the full analysis workflow: docker run analyze → upload artifact → post PR comment (v0.25.0+)
Fixes the --auth format bug in the GitHub integration docs (registry:user:pass → registry=user:pass)
Adds a Quick Start section to the GitHub integration docs with minimal example, full input/output reference, and a :::note about the v0.25.0 requirement for PR comments

feat: multi-archive support in viewer (#182)

Adds support for multiple named archives in the regis-cli report viewer, enabling teams to organize analyses by typology (e.g. "Import Authorization", "Production Catalog").

--archive CLI flag (repeatable) on viewer export and viewer serve — writes/serves an archives.json config file listing named archives by path or URL
Archive switcher UI — Tremor tab bar lets users switch between archives; appears automatically when ≥2 archives are configured
Combined "All Archives" view — merges all manifests, adds a Source column and filter for cross-archive comparison
archives.json JSON Schema at regis_cli/schemas/archives.schema.json
Graceful fallback — viewer operates in single-archive mode when archives.json is absent

Example:

regis viewer serve \\
  --archive "Import Authorization:archives/import/manifest.json" \\
  --archive "Production Catalog:https://host/prod/manifest.json"

feat(cli): add github update-pr command for PR comment posting (#180)

Add regis-cli github update-pr command that posts/updates a PR comment with analysis results — achieving parity with the existing regis-cli gitlab update-mr
Comment includes playbook score, tier, rules passed/total, and vulnerability counts (critical/high from Trivy)
Uses  HTML marker for idempotent upsert (updates existing comment on re-runs)
Applies playbook labels and badge labels to the PR via GitHub API
Token reads from --token flag or GITHUB_TOKEN env var

✨ Features

cli: add archive configure command for multi-archive setup (#253)
cli: add bootstrap gitlab-ci wizard for Request-to-MR pipeline (#255)

v0.26.2 — April 2, 2026

Highlights

chore(cli): rebrand project from regis-cli to Regis (#185)

Full project rebrand from regis-cli to Regis (Registry Scores)
Clean-cut rename of Python module regis_cli/ → regis/ with no deprecation shim
Renamed PyPI package (regis), console script (regis), and all entry points
Updated Dockerfile, GitHub Action, workflows, docs site, report-viewer, and README
Updated trunk config: bandit threshold set to medium to avoid blocking on pre-existing low-severity subprocess warnings surfaced by file rename

feat(ci): reusable GitHub composite action for container image analysis (#183)

Adds action.yml at the repository root, enabling uses: trivoallan/regis-cli@VERSION as a single-step integration
Wraps the full analysis workflow: docker run analyze → upload artifact → post PR comment (v0.25.0+)
Fixes the --auth format bug in the GitHub integration docs (registry:user:pass → registry=user:pass)
Adds a Quick Start section to the GitHub integration docs with minimal example, full input/output reference, and a :::note about the v0.25.0 requirement for PR comments

feat: multi-archive support in viewer (#182)

Adds support for multiple named archives in the regis-cli report viewer, enabling teams to organize analyses by typology (e.g. "Import Authorization", "Production Catalog").

--archive CLI flag (repeatable) on viewer export and viewer serve — writes/serves an archives.json config file listing named archives by path or URL
Archive switcher UI — Tremor tab bar lets users switch between archives; appears automatically when ≥2 archives are configured
Combined "All Archives" view — merges all manifests, adds a Source column and filter for cross-archive comparison
archives.json JSON Schema at regis_cli/schemas/archives.schema.json
Graceful fallback — viewer operates in single-archive mode when archives.json is absent

Example:

regis viewer serve \\
  --archive "Import Authorization:archives/import/manifest.json" \\
  --archive "Production Catalog:https://host/prod/manifest.json"

feat(cli): add github update-pr command for PR comment posting (#180)

Add regis-cli github update-pr command that posts/updates a PR comment with analysis results — achieving parity with the existing regis-cli gitlab update-mr
Comment includes playbook score, tier, rules passed/total, and vulnerability counts (critical/high from Trivy)
Uses  HTML marker for idempotent upsert (updates existing comment on re-runs)
Applies playbook labels and badge labels to the PR via GitHub API
Token reads from --token flag or GITHUB_TOKEN env var

🐛 Bug Fixes

ci: fix cd-docs deploy failures after repo rename (#237)
ci: reset release manifest to v0.26.1 and remove spurious v0.27.0 snapshot (#242)

v0.27.0 — March 31, 2026

Highlights

chore(cli): rebrand project from regis-cli to Regis (#185)

Full project rebrand from regis-cli to Regis (Registry Scores)
Clean-cut rename of Python module regis_cli/ → regis/ with no deprecation shim
Renamed PyPI package (regis), console script (regis), and all entry points
Updated Dockerfile, GitHub Action, workflows, docs site, report-viewer, and README
Updated trunk config: bandit threshold set to medium to avoid blocking on pre-existing low-severity subprocess warnings surfaced by file rename

feat(ci): reusable GitHub composite action for container image analysis (#183)

Adds action.yml at the repository root, enabling uses: trivoallan/regis-cli@VERSION as a single-step integration
Wraps the full analysis workflow: docker run analyze → upload artifact → post PR comment (v0.25.0+)
Fixes the --auth format bug in the GitHub integration docs (registry:user:pass → registry=user:pass)
Adds a Quick Start section to the GitHub integration docs with minimal example, full input/output reference, and a :::note about the v0.25.0 requirement for PR comments

feat: multi-archive support in viewer (#182)

Adds support for multiple named archives in the regis-cli report viewer, enabling teams to organize analyses by typology (e.g. "Import Authorization", "Production Catalog").

--archive CLI flag (repeatable) on viewer export and viewer serve — writes/serves an archives.json config file listing named archives by path or URL
Archive switcher UI — Tremor tab bar lets users switch between archives; appears automatically when ≥2 archives are configured
Combined "All Archives" view — merges all manifests, adds a Source column and filter for cross-archive comparison
archives.json JSON Schema at regis_cli/schemas/archives.schema.json
Graceful fallback — viewer operates in single-archive mode when archives.json is absent

Example:

regis viewer serve \\
  --archive "Import Authorization:archives/import/manifest.json" \\
  --archive "Production Catalog:https://host/prod/manifest.json"

feat(cli): add github update-pr command for PR comment posting (#180)

Add regis-cli github update-pr command that posts/updates a PR comment with analysis results — achieving parity with the existing regis-cli gitlab update-mr
Comment includes playbook score, tier, rules passed/total, and vulnerability counts (critical/high from Trivy)
Uses  HTML marker for idempotent upsert (updates existing comment on re-runs)
Applies playbook labels and badge labels to the PR via GitHub API
Token reads from --token flag or GITHUB_TOKEN env var

✨ Features

Add --cache option to the analyze command to load and use an existing report.json, skipping re-analysis.
Add --theme option for HTML report generation and ignore the /reports directory
Add trunk check commands, introduce the --sync-from option for bootstrap archive, and document the archive UI customization workflow.
Add Dockerfile and GitHub Actions workflow for building and publishing regis-cli Docker images.
Add domain-trusted scorecard
Add extensive test coverage for analyzers and core components, integrate Ruff linter, and refine Skopeo schema.
Add GitHub Actions workflows for Super-Linter and automated releases.
Add Hadolint analyzer to lint Dockerfiles and display results.
Add initial HTML report for image health scores generated by regis-cli.
Add Skopeo analyzer and refactor versioning analyzer to use Skopeo for tag listing.
Add support for multiple output formats and templated output paths for the run command.
Add support for passing metadata via CLI to reports and update report schema.
Add support for templated links in scorecards and reports
Add time formatting and recursive metadata rendering to improve report request details display.
Add user and digest extraction and display to Skopeo image analysis.
Add variant detection and reporting to the versioning analyzer
analyzer/dockle: add Dockle analyzer for container image security and best practices linting with supporting schema, tests, and documentation.
analyzer/endoflie: enhance EndOfLifeSection to display detailed cycle information and prune report.json data
analyzer/sbom: Add license-blocklist rule for invasive open source license detection (#83)
analyzer/size: add layer digest to the size analysis output for individual layers
analyzer/versioning: implement digest-based reporting and release lines hierarchy (#21)
analyzer/versioning: improve tag classification and expose digest aliases (#97)
analyzers: Enable private registry authentication for Trivy-based analyzers and update documentation.
analyzers: Reusable rules and simplified rule slugs (#63)
archive-repo: Update CI/CD workflows, modify CLI logic, and adjust bootstrap tests.
bootstrap: Add bootstrap archive --repo command for automated archive site deployment to GitHub/GitLab Pages.
ci: Add a configurable playbook URL input to GitLab CI/CD.
ci: add auto-rebase and auto-merge workflows for PRs (#115)
ci: add OCI image labels to Dockerfile (#39)
ci: add standard OCI annotations to Dockerfile (#43) (#40)
ci: allow Docker authentication to prevent rate limits (#45)
ci: auto-rebase Dependabot PRs via @dependabot rebase comment (#140)
ci: automate trunk fmt and auto-commit in CI (#48)
ci: handle autorelease:tagged as fallback for version snapshot (#173)
ci: implement gitlab subcommand for CI workflow (#18)
ci: introduce GitLab CI workflow for image analysis with MR-driven triggers and review app deployments.
ci: isolate viewer publication in dedicated workflow
ci: make regis-cli image version configurable in generated GitLab CI.
ci: migrate linting to trunk and add mypy/hadolint (#29)
ci: reusable GitHub composite action for container image analysis (#183)
ci: skip schema/rules doc generation when source unchanged (#139)
cli/bootstrap: display post-install notes after bootstrap (#52)
cli: Add bootstrap archive --sync-from to sync UI changes back to template (#90)
cli: Add CLI command to check image manifest accessibility. Use it to prevent bogus requests.
cli: add evaluate command for dry-run evaluation of playbooks (#25)
cli: add github update-pr command for PR comment posting (#180)
cli: add rules list command and improve evaluator
cli: add viewer serve and export commands (#99)
cli: Implement generate command with cookiecutter for project scaffolding and update project templates.
cli: Implement a CLI version command, refactor importlib.metadata imports, and update tests and GitLab CI artifact handling.
cli: refactor generate to bootstrap command group (#28)
cli: Run analyzers in parallel with ThreadPoolExecutor (#84)
cli: run initial regis-cli image analysis during bootstrap archive
Configure Antora Mermaid extension with a specific library URL and script stem.
cookiecutter: integrate GitHub Actions metadata into analysis reports for improved traceability and remove unused scorecard levels.
cookiecutter: introduce Cookiecutter template for bootstrapping new image analysis projects with documentation, workflows, and default scorecards.
cookiecutter: Introduce Cookiecutter template for project bootstrapping and add its comprehensive usage guide, refining the template's analysis workflow input.
Display structured analyzer errors in the UI and store them in reports.
doc: Add 'Get Started' and 'Understand Playbooks' documentation pages and update navigation.
docs: Add two-version documentation (main-dev + vX.Y.Z) (#87)
docs: initialize Antora documentation
docs: redirect root GitHub Pages URL to /docs/ (#175)
Dynamically set cookiecutter image URL and simplify release-please extra-files configuration.
Embed regis-cli version in analysis reports and update cookiecutter image URLs.
Enable single report viewing by adding support for direct report JSON loading and automatic manifest redirection
Enhance default playbook overview with new recommendation and compliance widgets and update widget styling.
Enhance registry credential resolution by normalizing Docker Hub aliases and remove the score.html report file.
Enhance report output with per-scorecard HTML files, slug support, and improved file writing logic.
Enhance scorecard rule evaluation to track missing data, provide detailed condition stringification, and include rule tags in results and UI.
Enhance Trivy report display for multiple targets and refine report layout with dedicated sections for links and scorecards.
gitlab: append review checklist from report.json to merge request descriptions and unquote $REGIS_CLI_IMAGE in CI.
Implement conditional widget rendering, add new widget styling options including alignment and subvalues, and introduce new CSS for recommendations and header elements.
Implement flexible registry credential resolution via new --auth CLI option and dedicated module
Implement Playbook Tiers, Dynamic Badges and restore multi-page reporting (#56)
Implement registry authentication using environment variables and add new tests.
Initialize regis-cli project with image analysis, scorecard engine, schema validation, and comprehensive project setup.
Integrate scorecard evaluation directly into the analyze command, supporting multiple custom scorecards, and remove the dedicated score command.
Introduce new HTML report structure and styling with updated templates and CSS.
Introduce OpenSSF Scorecard, Freshness, and Popularity analyzer reports with supporting configuration and robustness improvements.
Introduce SBOM analysis using Trivy and CycloneDX, replacing the license analyzer.
Introduce scorecard pages to group sections and add new size and versioning analyzers.
Introduce section-based scorecards with a new schema and remove the dependency analyzer.
Multi-archive support in viewer (#182)
playbook: add support for multiple titled GitLab MR description checklists with backward compatibility.
playbook: Enhance GitLab MR checklist items with show_if and check_if conditions.
playbook: Implement GitLab MR description checklist feature for custom compliance checks.
playbook: Implement named addressing for playbook pages and sections
playbook: integrate Dockle security analysis with a new policy, dedicated UI, and updated documentation.
playbook: Introduce configurable additional MR content generation from templates
playbooks: Add support for loading playbooks from remote URLs and update cookiecutters to utilize this feature.
Prevent concurrent use of --site and --archive and skip template rendering when archiving
Refactor cookiecutter templates to support both GitHub and GitLab platforms with dedicated CI configurations and documentation.
Refine scorecard reporting by updating schemas, engine logic, templates, and removing old report files.
Render error cards for all unhandled analyzer errors in the report
Replace single achieved level with a detailed summary by level in scorecard results, CLI output, and HTML report.
report: archive store and standalone archive viewer cookiecutter (#74)
report: Embed regis-cli version into analysis reports and schema
report: implement docusaurus report viewer (#68)
report: implement dynamic archive loading and build robustness (#98)
report: load report from a custom URL via query parameter (#94)
report: overhaul report viewer UI with Tremor components (#70)
reports: Implement automatic versioning of analysis reports in GitLab CI and document its configuration.
review: enhance GitLab CI report delivery by committing to reports/, posting direct links to MR comments, and updating documentation.
review: enhance GitLab CI/CD to specify output filename, run site generation on the default branch, and dynamically configure Pages deployments for review apps and main branch, while updating the project backlog.
review: Expose analysis reports as Merge Request artifacts instead of deploying to Review Apps and update documentation accordingly.
review: Implement and document a self-service analysis workflow in GitLab CI, including optional report commits to the branch and dynamic Review App links.
review: Introduce automated GitLab MR labeling and conditional playbook links based on analysis outcomes.
review: use GitLab API for merge request creation to enable setting reviewers and assignees, and add curl dependency.
Set default output directory template to include the tag.
template: implement two-pass sync to add new files from working directory to template
templates: implement comprehensive dashboard components and reporting UI for container analysis
Track and display involved data analyzers for scorecard rule evaluations in the schema, engine, and HTML report.
ui: Implement a new report rendering engine with a sidebar layout and dedicated pages for various analysis results.
ui: Introduce new analyzer display templates and enhance the playbook engine to support section widgets.
viewer: add status calculation to archive store and implement status filtering in report viewer

🐛 Bug Fixes

Add step to re-checkout merge ref for pull requests in the Trunk workflow.
analyzer/skopeo: filter out unknown platform entries in SkopeoSection
analyzers: Expose analyzer results at the root of the scorecard evaluation context and update default Trivy rules.
analyzers: prevent Skopeo analyzer from failing on index image inspection and formalize commit message guidelines.
analyzer: standardize rule names and fix analyzer validation (#62)
build: install corepack before enabling pnpm in Dockerfile (#153)
build: install git in Dockerfile
build: pin tailwindcss to v3 and ignore v4 Dependabot bumps (#164)
build: regenerate pnpm lockfile after Dependabot bumps (#149)
build: use pnpm direct install and sync serialize-javascript override (#155)
ci: add workflow_dispatch trigger and refine tag matching for Docker publish workflow.
ci: break release-please auto-merge feedback loop (#219)
ci: build viewer assets before exporting to static site
ci: clean up docs pipeline after rebrand and release loop (#231)
ci: configure releaser-pleaser action with release token
ci: fall back to github.token when App secrets unavailable (dependabot PRs) (#137)
ci: Fix broken Publish Documentation workflow
ci: fix cd-docs deploy failures after repo rename (#237)
ci: Fix Trunk auto-format workflow to avoid stale SHA issue (#86)
ci: fix trunk fmt conflict and resolve HTML syntax errors
ci: limit cd-docs workflow to release and manual triggers (#222)
ci: remove broken @dependabot rebase comment approach (#142)
ci: remove coverage badge direct push to main (#147)
ci: Reorder documentation generation steps in the CI workflow and enhance the Docusaurus report builder with improved build commands and dependency checks.
ci: revert actions/create-github-app-token to v1 in docs-publish workflow (#106)
ci: robust auto-formatting and protected branch handling (#51)
ci: skip auto-merge for release-please PRs (#144)
ci: skip trunk checks on generated schema docs (#230)
ci: stop tracking whats-new.md to prevent merge conflicts (#223)
ci: Update Python version to 3.14 in test workflow.
ci: use GitHub App token for Trunk auto-commit to trigger new workflow runs (#108)
ci: use personal_token for peaceiris/actions-gh-pages in docs-publish (#113)
ci: use pull_request_target so auto-merge works on Dependabot PRs (#143)
cli: bug sweep — narrow exception, remove dead code, boost coverage (#233)
cli: resolve bootstrap command failure in Docker image (#46)
Correct malformed versions.json and add a workflow step to validate and reset it if corrupted.
Correct relative path for the "Understand Playbooks" guide link in the default playbook overview.
docker: address permission denied errors in Docker by setting user UID/GID, ensuring directory writability, and adding a report output fallback.
docker: Resolve Docker container permission issues by creating a home directory for the regis user and setting report directory permissions, and update the analysis workflow.
docs: Add base URL configuration for Docusaurus reports and update workflow output directory.
docs: corrupted versions.json
docs: resolve Docusaurus broken links and anchor warnings (#159)
docs: revert versioned_docs additions and add release snapshot workflow (#160)
gitlab: Fix report generation path
gitlab: Improve GitLab CI report path handling
playbook: Remove duplicate rules when templates are instantiated by playbook (#89)
Prevent AttributeError in scorecard link processing by adding type checks and update regis-cli workflow flags to long form.
Remove --force from Docusaurus versioning in CI and correct versions.json format.
Remove redundant entries from versions.json.
Resolve Trunk Check HEAD^2 error by adjusting git checkout depth and auto-commit logic in the lint workflow.
schema: add missing fields to trivy schema and fix id resolution
template: add missing format_number Jinja2 filter
Trunk pipeline
Update GitHub App ID secret reference in docs-publish workflow
Update GitHub App private key secret reference in docs-publish workflow
Update the yaml-language-server schema path in the default playbook.
Upgrade Python to 3.13, harden Dockerfile, mock EOL analyzer tests, and add main branch analysis to docs workflow
Versions...

🔧 Reverts

ci: remove broken @dependabot rebase comment approach (#141)

v0.26.2 — March 31, 2026

Highlights

chore(cli): rebrand project from regis-cli to Regis (#185)

Full project rebrand from regis-cli to Regis (Registry Scores)
Clean-cut rename of Python module regis_cli/ → regis/ with no deprecation shim
Renamed PyPI package (regis), console script (regis), and all entry points
Updated Dockerfile, GitHub Action, workflows, docs site, report-viewer, and README
Updated trunk config: bandit threshold set to medium to avoid blocking on pre-existing low-severity subprocess warnings surfaced by file rename

feat(ci): reusable GitHub composite action for container image analysis (#183)

Adds action.yml at the repository root, enabling uses: trivoallan/regis-cli@VERSION as a single-step integration
Wraps the full analysis workflow: docker run analyze → upload artifact → post PR comment (v0.25.0+)
Fixes the --auth format bug in the GitHub integration docs (registry:user:pass → registry=user:pass)
Adds a Quick Start section to the GitHub integration docs with minimal example, full input/output reference, and a :::note about the v0.25.0 requirement for PR comments

feat: multi-archive support in viewer (#182)

Adds support for multiple named archives in the regis-cli report viewer, enabling teams to organize analyses by typology (e.g. "Import Authorization", "Production Catalog").

--archive CLI flag (repeatable) on viewer export and viewer serve — writes/serves an archives.json config file listing named archives by path or URL
Archive switcher UI — Tremor tab bar lets users switch between archives; appears automatically when ≥2 archives are configured
Combined "All Archives" view — merges all manifests, adds a Source column and filter for cross-archive comparison
archives.json JSON Schema at regis_cli/schemas/archives.schema.json
Graceful fallback — viewer operates in single-archive mode when archives.json is absent

Example:

regis viewer serve \\
  --archive "Import Authorization:archives/import/manifest.json" \\
  --archive "Production Catalog:https://host/prod/manifest.json"

feat(cli): add github update-pr command for PR comment posting (#180)

Add regis-cli github update-pr command that posts/updates a PR comment with analysis results — achieving parity with the existing regis-cli gitlab update-mr
Comment includes playbook score, tier, rules passed/total, and vulnerability counts (critical/high from Trivy)
Uses  HTML marker for idempotent upsert (updates existing comment on re-runs)
Applies playbook labels and badge labels to the PR via GitHub API
Token reads from --token flag or GITHUB_TOKEN env var

🐛 Bug Fixes

ci: fix cd-docs deploy failures after repo rename (#237)

v0.26.1 — March 31, 2026

Highlights

chore(cli): rebrand project from regis-cli to Regis (#185)

Full project rebrand from regis-cli to Regis (Registry Scores)
Clean-cut rename of Python module regis_cli/ → regis/ with no deprecation shim
Renamed PyPI package (regis), console script (regis), and all entry points
Updated Dockerfile, GitHub Action, workflows, docs site, report-viewer, and README
Updated trunk config: bandit threshold set to medium to avoid blocking on pre-existing low-severity subprocess warnings surfaced by file rename

feat(ci): reusable GitHub composite action for container image analysis (#183)

Adds action.yml at the repository root, enabling uses: trivoallan/regis-cli@VERSION as a single-step integration
Wraps the full analysis workflow: docker run analyze → upload artifact → post PR comment (v0.25.0+)
Fixes the --auth format bug in the GitHub integration docs (registry:user:pass → registry=user:pass)
Adds a Quick Start section to the GitHub integration docs with minimal example, full input/output reference, and a :::note about the v0.25.0 requirement for PR comments

feat: multi-archive support in viewer (#182)

Adds support for multiple named archives in the regis-cli report viewer, enabling teams to organize analyses by typology (e.g. "Import Authorization", "Production Catalog").

--archive CLI flag (repeatable) on viewer export and viewer serve — writes/serves an archives.json config file listing named archives by path or URL
Archive switcher UI — Tremor tab bar lets users switch between archives; appears automatically when ≥2 archives are configured
Combined "All Archives" view — merges all manifests, adds a Source column and filter for cross-archive comparison
archives.json JSON Schema at regis_cli/schemas/archives.schema.json
Graceful fallback — viewer operates in single-archive mode when archives.json is absent

Example:

regis viewer serve \\
  --archive "Import Authorization:archives/import/manifest.json" \\
  --archive "Production Catalog:https://host/prod/manifest.json"

feat(cli): add github update-pr command for PR comment posting (#180)

Add regis-cli github update-pr command that posts/updates a PR comment with analysis results — achieving parity with the existing regis-cli gitlab update-mr
Comment includes playbook score, tier, rules passed/total, and vulnerability counts (critical/high from Trivy)
Uses  HTML marker for idempotent upsert (updates existing comment on re-runs)
Applies playbook labels and badge labels to the PR via GitHub API
Token reads from --token flag or GITHUB_TOKEN env var

🐛 Bug Fixes

ci: clean up docs pipeline after rebrand and release loop (#231)
ci: skip trunk checks on generated schema docs (#230)
cli: bug sweep — narrow exception, remove dead code, boost coverage (#233)

v0.26.0 — March 31, 2026

Highlights

chore(cli): rebrand project from regis-cli to Regis (#185)

Full project rebrand from regis-cli to Regis (Registry Scores)
Clean-cut rename of Python module regis_cli/ → regis/ with no deprecation shim
Renamed PyPI package (regis), console script (regis), and all entry points
Updated Dockerfile, GitHub Action, workflows, docs site, report-viewer, and README
Updated trunk config: bandit threshold set to medium to avoid blocking on pre-existing low-severity subprocess warnings surfaced by file rename

feat(ci): reusable GitHub composite action for container image analysis (#183)

Adds action.yml at the repository root, enabling uses: trivoallan/regis-cli@VERSION as a single-step integration
Wraps the full analysis workflow: docker run analyze → upload artifact → post PR comment (v0.25.0+)
Fixes the --auth format bug in the GitHub integration docs (registry:user:pass → registry=user:pass)
Adds a Quick Start section to the GitHub integration docs with minimal example, full input/output reference, and a :::note about the v0.25.0 requirement for PR comments

feat: multi-archive support in viewer (#182)

Adds support for multiple named archives in the regis-cli report viewer, enabling teams to organize analyses by typology (e.g. "Import Authorization", "Production Catalog").

--archive CLI flag (repeatable) on viewer export and viewer serve — writes/serves an archives.json config file listing named archives by path or URL
Archive switcher UI — Tremor tab bar lets users switch between archives; appears automatically when ≥2 archives are configured
Combined "All Archives" view — merges all manifests, adds a Source column and filter for cross-archive comparison
archives.json JSON Schema at regis_cli/schemas/archives.schema.json
Graceful fallback — viewer operates in single-archive mode when archives.json is absent

Example:

regis viewer serve \\
  --archive "Import Authorization:archives/import/manifest.json" \\
  --archive "Production Catalog:https://host/prod/manifest.json"

feat(cli): add github update-pr command for PR comment posting (#180)

Add regis-cli github update-pr command that posts/updates a PR comment with analysis results — achieving parity with the existing regis-cli gitlab update-mr
Comment includes playbook score, tier, rules passed/total, and vulnerability counts (critical/high from Trivy)
Uses  HTML marker for idempotent upsert (updates existing comment on re-runs)
Applies playbook labels and badge labels to the PR via GitHub API
Token reads from --token flag or GITHUB_TOKEN env var

✨ Features

Add --cache option to the analyze command to load and use an existing report.json, skipping re-analysis.
Add --theme option for HTML report generation and ignore the /reports directory
Add trunk check commands, introduce the --sync-from option for bootstrap archive, and document the archive UI customization workflow.
Add Dockerfile and GitHub Actions workflow for building and publishing regis-cli Docker images.
Add domain-trusted scorecard
Add extensive test coverage for analyzers and core components, integrate Ruff linter, and refine Skopeo schema.
Add GitHub Actions workflows for Super-Linter and automated releases.
Add Hadolint analyzer to lint Dockerfiles and display results.
Add initial HTML report for image health scores generated by regis-cli.
Add Skopeo analyzer and refactor versioning analyzer to use Skopeo for tag listing.
Add support for multiple output formats and templated output paths for the run command.
Add support for passing metadata via CLI to reports and update report schema.
Add support for templated links in scorecards and reports
Add time formatting and recursive metadata rendering to improve report request details display.
Add user and digest extraction and display to Skopeo image analysis.
Add variant detection and reporting to the versioning analyzer
analyzer/dockle: add Dockle analyzer for container image security and best practices linting with supporting schema, tests, and documentation.
analyzer/endoflie: enhance EndOfLifeSection to display detailed cycle information and prune report.json data
analyzer/sbom: Add license-blocklist rule for invasive open source license detection (#83)
analyzer/size: add layer digest to the size analysis output for individual layers
analyzer/versioning: implement digest-based reporting and release lines hierarchy (#21)
analyzer/versioning: improve tag classification and expose digest aliases (#97)
analyzers: Enable private registry authentication for Trivy-based analyzers and update documentation.
analyzers: Reusable rules and simplified rule slugs (#63)
archive-repo: Update CI/CD workflows, modify CLI logic, and adjust bootstrap tests.
bootstrap: Add bootstrap archive --repo command for automated archive site deployment to GitHub/GitLab Pages.
ci: Add a configurable playbook URL input to GitLab CI/CD.
ci: add auto-rebase and auto-merge workflows for PRs (#115)
ci: add OCI image labels to Dockerfile (#39)
ci: add standard OCI annotations to Dockerfile (#43) (#40)
ci: allow Docker authentication to prevent rate limits (#45)
ci: auto-rebase Dependabot PRs via @dependabot rebase comment (#140)
ci: automate trunk fmt and auto-commit in CI (#48)
ci: handle autorelease:tagged as fallback for version snapshot (#173)
ci: implement gitlab subcommand for CI workflow (#18)
ci: introduce GitLab CI workflow for image analysis with MR-driven triggers and review app deployments.
ci: isolate viewer publication in dedicated workflow
ci: make regis-cli image version configurable in generated GitLab CI.
ci: migrate linting to trunk and add mypy/hadolint (#29)
ci: reusable GitHub composite action for container image analysis (#183)
ci: skip schema/rules doc generation when source unchanged (#139)
cli/bootstrap: display post-install notes after bootstrap (#52)
cli: Add bootstrap archive --sync-from to sync UI changes back to template (#90)
cli: Add CLI command to check image manifest accessibility. Use it to prevent bogus requests.
cli: add evaluate command for dry-run evaluation of playbooks (#25)
cli: add github update-pr command for PR comment posting (#180)
cli: add rules list command and improve evaluator
cli: add viewer serve and export commands (#99)
cli: Implement generate command with cookiecutter for project scaffolding and update project templates.
cli: Implement a CLI version command, refactor importlib.metadata imports, and update tests and GitLab CI artifact handling.
cli: refactor generate to bootstrap command group (#28)
cli: Run analyzers in parallel with ThreadPoolExecutor (#84)
cli: run initial regis-cli image analysis during bootstrap archive
Configure Antora Mermaid extension with a specific library URL and script stem.
cookiecutter: integrate GitHub Actions metadata into analysis reports for improved traceability and remove unused scorecard levels.
cookiecutter: introduce Cookiecutter template for bootstrapping new image analysis projects with documentation, workflows, and default scorecards.
cookiecutter: Introduce Cookiecutter template for project bootstrapping and add its comprehensive usage guide, refining the template's analysis workflow input.
Display structured analyzer errors in the UI and store them in reports.
doc: Add 'Get Started' and 'Understand Playbooks' documentation pages and update navigation.
docs: Add two-version documentation (main-dev + vX.Y.Z) (#87)
docs: initialize Antora documentation
docs: redirect root GitHub Pages URL to /docs/ (#175)
Dynamically set cookiecutter image URL and simplify release-please extra-files configuration.
Embed regis-cli version in analysis reports and update cookiecutter image URLs.
Enable single report viewing by adding support for direct report JSON loading and automatic manifest redirection
Enhance default playbook overview with new recommendation and compliance widgets and update widget styling.
Enhance registry credential resolution by normalizing Docker Hub aliases and remove the score.html report file.
Enhance report output with per-scorecard HTML files, slug support, and improved file writing logic.
Enhance scorecard rule evaluation to track missing data, provide detailed condition stringification, and include rule tags in results and UI.
Enhance Trivy report display for multiple targets and refine report layout with dedicated sections for links and scorecards.
gitlab: append review checklist from report.json to merge request descriptions and unquote $REGIS_CLI_IMAGE in CI.
Implement conditional widget rendering, add new widget styling options including alignment and subvalues, and introduce new CSS for recommendations and header elements.
Implement flexible registry credential resolution via new --auth CLI option and dedicated module
Implement Playbook Tiers, Dynamic Badges and restore multi-page reporting (#56)
Implement registry authentication using environment variables and add new tests.
Initialize regis-cli project with image analysis, scorecard engine, schema validation, and comprehensive project setup.
Integrate scorecard evaluation directly into the analyze command, supporting multiple custom scorecards, and remove the dedicated score command.
Introduce new HTML report structure and styling with updated templates and CSS.
Introduce OpenSSF Scorecard, Freshness, and Popularity analyzer reports with supporting configuration and robustness improvements.
Introduce SBOM analysis using Trivy and CycloneDX, replacing the license analyzer.
Introduce scorecard pages to group sections and add new size and versioning analyzers.
Introduce section-based scorecards with a new schema and remove the dependency analyzer.
Multi-archive support in viewer (#182)
playbook: add support for multiple titled GitLab MR description checklists with backward compatibility.
playbook: Enhance GitLab MR checklist items with show_if and check_if conditions.
playbook: Implement GitLab MR description checklist feature for custom compliance checks.
playbook: Implement named addressing for playbook pages and sections
playbook: integrate Dockle security analysis with a new policy, dedicated UI, and updated documentation.
playbook: Introduce configurable additional MR content generation from templates
playbooks: Add support for loading playbooks from remote URLs and update cookiecutters to utilize this feature.
Prevent concurrent use of --site and --archive and skip template rendering when archiving
Refactor cookiecutter templates to support both GitHub and GitLab platforms with dedicated CI configurations and documentation.
Refine scorecard reporting by updating schemas, engine logic, templates, and removing old report files.
Render error cards for all unhandled analyzer errors in the report
Replace single achieved level with a detailed summary by level in scorecard results, CLI output, and HTML report.
report: archive store and standalone archive viewer cookiecutter (#74)
report: Embed regis-cli version into analysis reports and schema
report: implement docusaurus report viewer (#68)
report: implement dynamic archive loading and build robustness (#98)
report: load report from a custom URL via query parameter (#94)
report: overhaul report viewer UI with Tremor components (#70)
reports: Implement automatic versioning of analysis reports in GitLab CI and document its configuration.
review: enhance GitLab CI report delivery by committing to reports/, posting direct links to MR comments, and updating documentation.
review: enhance GitLab CI/CD to specify output filename, run site generation on the default branch, and dynamically configure Pages deployments for review apps and main branch, while updating the project backlog.
review: Expose analysis reports as Merge Request artifacts instead of deploying to Review Apps and update documentation accordingly.
review: Implement and document a self-service analysis workflow in GitLab CI, including optional report commits to the branch and dynamic Review App links.
review: Introduce automated GitLab MR labeling and conditional playbook links based on analysis outcomes.
review: use GitLab API for merge request creation to enable setting reviewers and assignees, and add curl dependency.
Set default output directory template to include the tag.
template: implement two-pass sync to add new files from working directory to template
templates: implement comprehensive dashboard components and reporting UI for container analysis
Track and display involved data analyzers for scorecard rule evaluations in the schema, engine, and HTML report.
ui: Implement a new report rendering engine with a sidebar layout and dedicated pages for various analysis results.
ui: Introduce new analyzer display templates and enhance the playbook engine to support section widgets.
viewer: add status calculation to archive store and implement status filtering in report viewer

🐛 Bug Fixes

Add step to re-checkout merge ref for pull requests in the Trunk workflow.
analyzer/skopeo: filter out unknown platform entries in SkopeoSection
analyzers: Expose analyzer results at the root of the scorecard evaluation context and update default Trivy rules.
analyzers: prevent Skopeo analyzer from failing on index image inspection and formalize commit message guidelines.
analyzer: standardize rule names and fix analyzer validation (#62)
build: install corepack before enabling pnpm in Dockerfile (#153)
build: install git in Dockerfile
build: pin tailwindcss to v3 and ignore v4 Dependabot bumps (#164)
build: regenerate pnpm lockfile after Dependabot bumps (#149)
build: use pnpm direct install and sync serialize-javascript override (#155)
ci: add workflow_dispatch trigger and refine tag matching for Docker publish workflow.
ci: break release-please auto-merge feedback loop (#219)
ci: build viewer assets before exporting to static site
ci: configure releaser-pleaser action with release token
ci: fall back to github.token when App secrets unavailable (dependabot PRs) (#137)
ci: Fix broken Publish Documentation workflow
ci: Fix Trunk auto-format workflow to avoid stale SHA issue (#86)
ci: fix trunk fmt conflict and resolve HTML syntax errors
ci: limit cd-docs workflow to release and manual triggers (#222)
ci: remove broken @dependabot rebase comment approach (#142)
ci: remove coverage badge direct push to main (#147)
ci: Reorder documentation generation steps in the CI workflow and enhance the Docusaurus report builder with improved build commands and dependency checks.
ci: revert actions/create-github-app-token to v1 in docs-publish workflow (#106)
ci: robust auto-formatting and protected branch handling (#51)
ci: skip auto-merge for release-please PRs (#144)
ci: stop tracking whats-new.md to prevent merge conflicts (#223)
ci: Update Python version to 3.14 in test workflow.
ci: use GitHub App token for Trunk auto-commit to trigger new workflow runs (#108)
ci: use personal_token for peaceiris/actions-gh-pages in docs-publish (#113)
ci: use pull_request_target so auto-merge works on Dependabot PRs (#143)
cli: resolve bootstrap command failure in Docker image (#46)
Correct malformed versions.json and add a workflow step to validate and reset it if corrupted.
Correct relative path for the "Understand Playbooks" guide link in the default playbook overview.
docker: address permission denied errors in Docker by setting user UID/GID, ensuring directory writability, and adding a report output fallback.
docker: Resolve Docker container permission issues by creating a home directory for the regis user and setting report directory permissions, and update the analysis workflow.
docs: Add base URL configuration for Docusaurus reports and update workflow output directory.
docs: corrupted versions.json
docs: resolve Docusaurus broken links and anchor warnings (#159)
docs: revert versioned_docs additions and add release snapshot workflow (#160)
gitlab: Fix report generation path
gitlab: Improve GitLab CI report path handling
playbook: Remove duplicate rules when templates are instantiated by playbook (#89)
Prevent AttributeError in scorecard link processing by adding type checks and update regis-cli workflow flags to long form.
Remove --force from Docusaurus versioning in CI and correct versions.json format.
Remove redundant entries from versions.json.
Resolve Trunk Check HEAD^2 error by adjusting git checkout depth and auto-commit logic in the lint workflow.
schema: add missing fields to trivy schema and fix id resolution
template: add missing format_number Jinja2 filter
Trunk pipeline
Update GitHub App ID secret reference in docs-publish workflow
Update GitHub App private key secret reference in docs-publish workflow
Update the yaml-language-server schema path in the default playbook.
Upgrade Python to 3.13, harden Dockerfile, mock EOL analyzer tests, and add main branch analysis to docs workflow
Versions...

🔧 Reverts

ci: remove broken @dependabot rebase comment approach (#141)

v0.25.15 — March 31, 2026

Highlights

chore(cli): rebrand project from regis-cli to Regis (#185)

Full project rebrand from regis-cli to Regis (Registry Scores)
Clean-cut rename of Python module regis_cli/ → regis/ with no deprecation shim
Renamed PyPI package (regis), console script (regis), and all entry points
Updated Dockerfile, GitHub Action, workflows, docs site, report-viewer, and README
Updated trunk config: bandit threshold set to medium to avoid blocking on pre-existing low-severity subprocess warnings surfaced by file rename

feat(ci): reusable GitHub composite action for container image analysis (#183)

Adds action.yml at the repository root, enabling uses: trivoallan/regis-cli@VERSION as a single-step integration
Wraps the full analysis workflow: docker run analyze → upload artifact → post PR comment (v0.25.0+)
Fixes the --auth format bug in the GitHub integration docs (registry:user:pass → registry=user:pass)
Adds a Quick Start section to the GitHub integration docs with minimal example, full input/output reference, and a :::note about the v0.25.0 requirement for PR comments

feat: multi-archive support in viewer (#182)

Adds support for multiple named archives in the regis-cli report viewer, enabling teams to organize analyses by typology (e.g. "Import Authorization", "Production Catalog").

--archive CLI flag (repeatable) on viewer export and viewer serve — writes/serves an archives.json config file listing named archives by path or URL
Archive switcher UI — Tremor tab bar lets users switch between archives; appears automatically when ≥2 archives are configured
Combined "All Archives" view — merges all manifests, adds a Source column and filter for cross-archive comparison
archives.json JSON Schema at regis_cli/schemas/archives.schema.json
Graceful fallback — viewer operates in single-archive mode when archives.json is absent

Example:

regis viewer serve \\
  --archive "Import Authorization:archives/import/manifest.json" \\
  --archive "Production Catalog:https://host/prod/manifest.json"

feat(cli): add github update-pr command for PR comment posting (#180)

Add regis-cli github update-pr command that posts/updates a PR comment with analysis results — achieving parity with the existing regis-cli gitlab update-mr
Comment includes playbook score, tier, rules passed/total, and vulnerability counts (critical/high from Trivy)
Uses  HTML marker for idempotent upsert (updates existing comment on re-runs)
Applies playbook labels and badge labels to the PR via GitHub API
Token reads from --token flag or GITHUB_TOKEN env var

📚 Documentation

Update documentation reference and snapshots (#216)

v0.25.14 — March 31, 2026

Highlights

chore(cli): rebrand project from regis-cli to Regis (#185)

Full project rebrand from regis-cli to Regis (Registry Scores)
Clean-cut rename of Python module regis_cli/ → regis/ with no deprecation shim
Renamed PyPI package (regis), console script (regis), and all entry points
Updated Dockerfile, GitHub Action, workflows, docs site, report-viewer, and README
Updated trunk config: bandit threshold set to medium to avoid blocking on pre-existing low-severity subprocess warnings surfaced by file rename

feat(ci): reusable GitHub composite action for container image analysis (#183)

Adds action.yml at the repository root, enabling uses: trivoallan/regis-cli@VERSION as a single-step integration
Wraps the full analysis workflow: docker run analyze → upload artifact → post PR comment (v0.25.0+)
Fixes the --auth format bug in the GitHub integration docs (registry:user:pass → registry=user:pass)
Adds a Quick Start section to the GitHub integration docs with minimal example, full input/output reference, and a :::note about the v0.25.0 requirement for PR comments

feat: multi-archive support in viewer (#182)

Adds support for multiple named archives in the regis-cli report viewer, enabling teams to organize analyses by typology (e.g. "Import Authorization", "Production Catalog").

--archive CLI flag (repeatable) on viewer export and viewer serve — writes/serves an archives.json config file listing named archives by path or URL
Archive switcher UI — Tremor tab bar lets users switch between archives; appears automatically when ≥2 archives are configured
Combined "All Archives" view — merges all manifests, adds a Source column and filter for cross-archive comparison
archives.json JSON Schema at regis_cli/schemas/archives.schema.json
Graceful fallback — viewer operates in single-archive mode when archives.json is absent

Example:

regis viewer serve \\
  --archive "Import Authorization:archives/import/manifest.json" \\
  --archive "Production Catalog:https://host/prod/manifest.json"

feat(cli): add github update-pr command for PR comment posting (#180)

Add regis-cli github update-pr command that posts/updates a PR comment with analysis results — achieving parity with the existing regis-cli gitlab update-mr
Comment includes playbook score, tier, rules passed/total, and vulnerability counts (critical/high from Trivy)
Uses  HTML marker for idempotent upsert (updates existing comment on re-runs)
Applies playbook labels and badge labels to the PR via GitHub API
Token reads from --token flag or GITHUB_TOKEN env var

📚 Documentation

Update documentation reference and snapshots (#214)

v0.25.13 — March 31, 2026

Highlights

chore(cli): rebrand project from regis-cli to Regis (#185)

Full project rebrand from regis-cli to Regis (Registry Scores)
Clean-cut rename of Python module regis_cli/ → regis/ with no deprecation shim
Renamed PyPI package (regis), console script (regis), and all entry points
Updated Dockerfile, GitHub Action, workflows, docs site, report-viewer, and README
Updated trunk config: bandit threshold set to medium to avoid blocking on pre-existing low-severity subprocess warnings surfaced by file rename

feat(ci): reusable GitHub composite action for container image analysis (#183)

Adds action.yml at the repository root, enabling uses: trivoallan/regis-cli@VERSION as a single-step integration
Wraps the full analysis workflow: docker run analyze → upload artifact → post PR comment (v0.25.0+)
Fixes the --auth format bug in the GitHub integration docs (registry:user:pass → registry=user:pass)
Adds a Quick Start section to the GitHub integration docs with minimal example, full input/output reference, and a :::note about the v0.25.0 requirement for PR comments

feat: multi-archive support in viewer (#182)

Adds support for multiple named archives in the regis-cli report viewer, enabling teams to organize analyses by typology (e.g. "Import Authorization", "Production Catalog").

--archive CLI flag (repeatable) on viewer export and viewer serve — writes/serves an archives.json config file listing named archives by path or URL
Archive switcher UI — Tremor tab bar lets users switch between archives; appears automatically when ≥2 archives are configured
Combined "All Archives" view — merges all manifests, adds a Source column and filter for cross-archive comparison
archives.json JSON Schema at regis_cli/schemas/archives.schema.json
Graceful fallback — viewer operates in single-archive mode when archives.json is absent

Example:

regis viewer serve \\
  --archive "Import Authorization:archives/import/manifest.json" \\
  --archive "Production Catalog:https://host/prod/manifest.json"

feat(cli): add github update-pr command for PR comment posting (#180)

Add regis-cli github update-pr command that posts/updates a PR comment with analysis results — achieving parity with the existing regis-cli gitlab update-mr
Comment includes playbook score, tier, rules passed/total, and vulnerability counts (critical/high from Trivy)
Uses  HTML marker for idempotent upsert (updates existing comment on re-runs)
Applies playbook labels and badge labels to the PR via GitHub API
Token reads from --token flag or GITHUB_TOKEN env var

📚 Documentation

Update documentation reference and snapshots (#212)

v0.25.12 — March 31, 2026

Highlights

chore(cli): rebrand project from regis-cli to Regis (#185)

Full project rebrand from regis-cli to Regis (Registry Scores)
Clean-cut rename of Python module regis_cli/ → regis/ with no deprecation shim
Renamed PyPI package (regis), console script (regis), and all entry points
Updated Dockerfile, GitHub Action, workflows, docs site, report-viewer, and README
Updated trunk config: bandit threshold set to medium to avoid blocking on pre-existing low-severity subprocess warnings surfaced by file rename

feat(ci): reusable GitHub composite action for container image analysis (#183)

Adds action.yml at the repository root, enabling uses: trivoallan/regis-cli@VERSION as a single-step integration
Wraps the full analysis workflow: docker run analyze → upload artifact → post PR comment (v0.25.0+)
Fixes the --auth format bug in the GitHub integration docs (registry:user:pass → registry=user:pass)
Adds a Quick Start section to the GitHub integration docs with minimal example, full input/output reference, and a :::note about the v0.25.0 requirement for PR comments

feat: multi-archive support in viewer (#182)

Adds support for multiple named archives in the regis-cli report viewer, enabling teams to organize analyses by typology (e.g. "Import Authorization", "Production Catalog").

--archive CLI flag (repeatable) on viewer export and viewer serve — writes/serves an archives.json config file listing named archives by path or URL
Archive switcher UI — Tremor tab bar lets users switch between archives; appears automatically when ≥2 archives are configured
Combined "All Archives" view — merges all manifests, adds a Source column and filter for cross-archive comparison
archives.json JSON Schema at regis_cli/schemas/archives.schema.json
Graceful fallback — viewer operates in single-archive mode when archives.json is absent

Example:

regis viewer serve \\
  --archive "Import Authorization:archives/import/manifest.json" \\
  --archive "Production Catalog:https://host/prod/manifest.json"

feat(cli): add github update-pr command for PR comment posting (#180)

Add regis-cli github update-pr command that posts/updates a PR comment with analysis results — achieving parity with the existing regis-cli gitlab update-mr
Comment includes playbook score, tier, rules passed/total, and vulnerability counts (critical/high from Trivy)
Uses  HTML marker for idempotent upsert (updates existing comment on re-runs)
Applies playbook labels and badge labels to the PR via GitHub API
Token reads from --token flag or GITHUB_TOKEN env var

📚 Documentation

Update documentation reference and snapshots (#210)

v0.25.11 — March 31, 2026

Highlights

chore(cli): rebrand project from regis-cli to Regis (#185)

Full project rebrand from regis-cli to Regis (Registry Scores)
Clean-cut rename of Python module regis_cli/ → regis/ with no deprecation shim
Renamed PyPI package (regis), console script (regis), and all entry points
Updated Dockerfile, GitHub Action, workflows, docs site, report-viewer, and README
Updated trunk config: bandit threshold set to medium to avoid blocking on pre-existing low-severity subprocess warnings surfaced by file rename

feat(ci): reusable GitHub composite action for container image analysis (#183)

Adds action.yml at the repository root, enabling uses: trivoallan/regis-cli@VERSION as a single-step integration
Wraps the full analysis workflow: docker run analyze → upload artifact → post PR comment (v0.25.0+)
Fixes the --auth format bug in the GitHub integration docs (registry:user:pass → registry=user:pass)
Adds a Quick Start section to the GitHub integration docs with minimal example, full input/output reference, and a :::note about the v0.25.0 requirement for PR comments

feat: multi-archive support in viewer (#182)

Adds support for multiple named archives in the regis-cli report viewer, enabling teams to organize analyses by typology (e.g. "Import Authorization", "Production Catalog").

--archive CLI flag (repeatable) on viewer export and viewer serve — writes/serves an archives.json config file listing named archives by path or URL
Archive switcher UI — Tremor tab bar lets users switch between archives; appears automatically when ≥2 archives are configured
Combined "All Archives" view — merges all manifests, adds a Source column and filter for cross-archive comparison
archives.json JSON Schema at regis_cli/schemas/archives.schema.json
Graceful fallback — viewer operates in single-archive mode when archives.json is absent

Example:

regis viewer serve \\
  --archive "Import Authorization:archives/import/manifest.json" \\
  --archive "Production Catalog:https://host/prod/manifest.json"

feat(cli): add github update-pr command for PR comment posting (#180)

Add regis-cli github update-pr command that posts/updates a PR comment with analysis results — achieving parity with the existing regis-cli gitlab update-mr
Comment includes playbook score, tier, rules passed/total, and vulnerability counts (critical/high from Trivy)
Uses  HTML marker for idempotent upsert (updates existing comment on re-runs)
Applies playbook labels and badge labels to the PR via GitHub API
Token reads from --token flag or GITHUB_TOKEN env var

📚 Documentation

Update documentation reference and snapshots (#208)

v0.25.10 — March 31, 2026

Highlights

chore(cli): rebrand project from regis-cli to Regis (#185)

Full project rebrand from regis-cli to Regis (Registry Scores)
Clean-cut rename of Python module regis_cli/ → regis/ with no deprecation shim
Renamed PyPI package (regis), console script (regis), and all entry points
Updated Dockerfile, GitHub Action, workflows, docs site, report-viewer, and README
Updated trunk config: bandit threshold set to medium to avoid blocking on pre-existing low-severity subprocess warnings surfaced by file rename

feat(ci): reusable GitHub composite action for container image analysis (#183)

Adds action.yml at the repository root, enabling uses: trivoallan/regis-cli@VERSION as a single-step integration
Wraps the full analysis workflow: docker run analyze → upload artifact → post PR comment (v0.25.0+)
Fixes the --auth format bug in the GitHub integration docs (registry:user:pass → registry=user:pass)
Adds a Quick Start section to the GitHub integration docs with minimal example, full input/output reference, and a :::note about the v0.25.0 requirement for PR comments

feat: multi-archive support in viewer (#182)

Adds support for multiple named archives in the regis-cli report viewer, enabling teams to organize analyses by typology (e.g. "Import Authorization", "Production Catalog").

--archive CLI flag (repeatable) on viewer export and viewer serve — writes/serves an archives.json config file listing named archives by path or URL
Archive switcher UI — Tremor tab bar lets users switch between archives; appears automatically when ≥2 archives are configured
Combined "All Archives" view — merges all manifests, adds a Source column and filter for cross-archive comparison
archives.json JSON Schema at regis_cli/schemas/archives.schema.json
Graceful fallback — viewer operates in single-archive mode when archives.json is absent

Example:

regis viewer serve \\
  --archive "Import Authorization:archives/import/manifest.json" \\
  --archive "Production Catalog:https://host/prod/manifest.json"

feat(cli): add github update-pr command for PR comment posting (#180)

Add regis-cli github update-pr command that posts/updates a PR comment with analysis results — achieving parity with the existing regis-cli gitlab update-mr
Comment includes playbook score, tier, rules passed/total, and vulnerability counts (critical/high from Trivy)
Uses  HTML marker for idempotent upsert (updates existing comment on re-runs)
Applies playbook labels and badge labels to the PR via GitHub API
Token reads from --token flag or GITHUB_TOKEN env var

📚 Documentation

Update documentation reference and snapshots (#206)

v0.25.9 — March 31, 2026

Highlights

chore(cli): rebrand project from regis-cli to Regis (#185)

Full project rebrand from regis-cli to Regis (Registry Scores)
Clean-cut rename of Python module regis_cli/ → regis/ with no deprecation shim
Renamed PyPI package (regis), console script (regis), and all entry points
Updated Dockerfile, GitHub Action, workflows, docs site, report-viewer, and README
Updated trunk config: bandit threshold set to medium to avoid blocking on pre-existing low-severity subprocess warnings surfaced by file rename

feat(ci): reusable GitHub composite action for container image analysis (#183)

Adds action.yml at the repository root, enabling uses: trivoallan/regis-cli@VERSION as a single-step integration
Wraps the full analysis workflow: docker run analyze → upload artifact → post PR comment (v0.25.0+)
Fixes the --auth format bug in the GitHub integration docs (registry:user:pass → registry=user:pass)
Adds a Quick Start section to the GitHub integration docs with minimal example, full input/output reference, and a :::note about the v0.25.0 requirement for PR comments

feat: multi-archive support in viewer (#182)

Adds support for multiple named archives in the regis-cli report viewer, enabling teams to organize analyses by typology (e.g. "Import Authorization", "Production Catalog").

--archive CLI flag (repeatable) on viewer export and viewer serve — writes/serves an archives.json config file listing named archives by path or URL
Archive switcher UI — Tremor tab bar lets users switch between archives; appears automatically when ≥2 archives are configured
Combined "All Archives" view — merges all manifests, adds a Source column and filter for cross-archive comparison
archives.json JSON Schema at regis_cli/schemas/archives.schema.json
Graceful fallback — viewer operates in single-archive mode when archives.json is absent

Example:

regis viewer serve \\
  --archive "Import Authorization:archives/import/manifest.json" \\
  --archive "Production Catalog:https://host/prod/manifest.json"

feat(cli): add github update-pr command for PR comment posting (#180)

Add regis-cli github update-pr command that posts/updates a PR comment with analysis results — achieving parity with the existing regis-cli gitlab update-mr
Comment includes playbook score, tier, rules passed/total, and vulnerability counts (critical/high from Trivy)
Uses  HTML marker for idempotent upsert (updates existing comment on re-runs)
Applies playbook labels and badge labels to the PR via GitHub API
Token reads from --token flag or GITHUB_TOKEN env var

📚 Documentation

Update documentation reference and snapshots (#204)

v0.25.8 — March 31, 2026

Highlights

chore(cli): rebrand project from regis-cli to Regis (#185)

Full project rebrand from regis-cli to Regis (Registry Scores)
Clean-cut rename of Python module regis_cli/ → regis/ with no deprecation shim
Renamed PyPI package (regis), console script (regis), and all entry points
Updated Dockerfile, GitHub Action, workflows, docs site, report-viewer, and README
Updated trunk config: bandit threshold set to medium to avoid blocking on pre-existing low-severity subprocess warnings surfaced by file rename

feat(ci): reusable GitHub composite action for container image analysis (#183)

Adds action.yml at the repository root, enabling uses: trivoallan/regis-cli@VERSION as a single-step integration
Wraps the full analysis workflow: docker run analyze → upload artifact → post PR comment (v0.25.0+)
Fixes the --auth format bug in the GitHub integration docs (registry:user:pass → registry=user:pass)
Adds a Quick Start section to the GitHub integration docs with minimal example, full input/output reference, and a :::note about the v0.25.0 requirement for PR comments

feat: multi-archive support in viewer (#182)

Adds support for multiple named archives in the regis-cli report viewer, enabling teams to organize analyses by typology (e.g. "Import Authorization", "Production Catalog").

--archive CLI flag (repeatable) on viewer export and viewer serve — writes/serves an archives.json config file listing named archives by path or URL
Archive switcher UI — Tremor tab bar lets users switch between archives; appears automatically when ≥2 archives are configured
Combined "All Archives" view — merges all manifests, adds a Source column and filter for cross-archive comparison
archives.json JSON Schema at regis_cli/schemas/archives.schema.json
Graceful fallback — viewer operates in single-archive mode when archives.json is absent

Example:

regis viewer serve \\
  --archive "Import Authorization:archives/import/manifest.json" \\
  --archive "Production Catalog:https://host/prod/manifest.json"

feat(cli): add github update-pr command for PR comment posting (#180)

Add regis-cli github update-pr command that posts/updates a PR comment with analysis results — achieving parity with the existing regis-cli gitlab update-mr
Comment includes playbook score, tier, rules passed/total, and vulnerability counts (critical/high from Trivy)
Uses  HTML marker for idempotent upsert (updates existing comment on re-runs)
Applies playbook labels and badge labels to the PR via GitHub API
Token reads from --token flag or GITHUB_TOKEN env var

📚 Documentation

Update documentation reference and snapshots (#202)

v0.25.7 — March 31, 2026

Highlights

chore(cli): rebrand project from regis-cli to Regis (#185)

Full project rebrand from regis-cli to Regis (Registry Scores)
Clean-cut rename of Python module regis_cli/ → regis/ with no deprecation shim
Renamed PyPI package (regis), console script (regis), and all entry points
Updated Dockerfile, GitHub Action, workflows, docs site, report-viewer, and README
Updated trunk config: bandit threshold set to medium to avoid blocking on pre-existing low-severity subprocess warnings surfaced by file rename

feat(ci): reusable GitHub composite action for container image analysis (#183)

Adds action.yml at the repository root, enabling uses: trivoallan/regis-cli@VERSION as a single-step integration
Wraps the full analysis workflow: docker run analyze → upload artifact → post PR comment (v0.25.0+)
Fixes the --auth format bug in the GitHub integration docs (registry:user:pass → registry=user:pass)
Adds a Quick Start section to the GitHub integration docs with minimal example, full input/output reference, and a :::note about the v0.25.0 requirement for PR comments

feat: multi-archive support in viewer (#182)

Adds support for multiple named archives in the regis-cli report viewer, enabling teams to organize analyses by typology (e.g. "Import Authorization", "Production Catalog").

--archive CLI flag (repeatable) on viewer export and viewer serve — writes/serves an archives.json config file listing named archives by path or URL
Archive switcher UI — Tremor tab bar lets users switch between archives; appears automatically when ≥2 archives are configured
Combined "All Archives" view — merges all manifests, adds a Source column and filter for cross-archive comparison
archives.json JSON Schema at regis_cli/schemas/archives.schema.json
Graceful fallback — viewer operates in single-archive mode when archives.json is absent

Example:

regis viewer serve \\
  --archive "Import Authorization:archives/import/manifest.json" \\
  --archive "Production Catalog:https://host/prod/manifest.json"

feat(cli): add github update-pr command for PR comment posting (#180)

Add regis-cli github update-pr command that posts/updates a PR comment with analysis results — achieving parity with the existing regis-cli gitlab update-mr
Comment includes playbook score, tier, rules passed/total, and vulnerability counts (critical/high from Trivy)
Uses  HTML marker for idempotent upsert (updates existing comment on re-runs)
Applies playbook labels and badge labels to the PR via GitHub API
Token reads from --token flag or GITHUB_TOKEN env var

📚 Documentation

Update documentation reference and snapshots (#200)

v0.25.6 — March 31, 2026

Highlights

chore(cli): rebrand project from regis-cli to Regis (#185)

Full project rebrand from regis-cli to Regis (Registry Scores)
Clean-cut rename of Python module regis_cli/ → regis/ with no deprecation shim
Renamed PyPI package (regis), console script (regis), and all entry points
Updated Dockerfile, GitHub Action, workflows, docs site, report-viewer, and README
Updated trunk config: bandit threshold set to medium to avoid blocking on pre-existing low-severity subprocess warnings surfaced by file rename

feat(ci): reusable GitHub composite action for container image analysis (#183)

Adds action.yml at the repository root, enabling uses: trivoallan/regis-cli@VERSION as a single-step integration
Wraps the full analysis workflow: docker run analyze → upload artifact → post PR comment (v0.25.0+)
Fixes the --auth format bug in the GitHub integration docs (registry:user:pass → registry=user:pass)
Adds a Quick Start section to the GitHub integration docs with minimal example, full input/output reference, and a :::note about the v0.25.0 requirement for PR comments

feat: multi-archive support in viewer (#182)

Adds support for multiple named archives in the regis-cli report viewer, enabling teams to organize analyses by typology (e.g. "Import Authorization", "Production Catalog").

--archive CLI flag (repeatable) on viewer export and viewer serve — writes/serves an archives.json config file listing named archives by path or URL
Archive switcher UI — Tremor tab bar lets users switch between archives; appears automatically when ≥2 archives are configured
Combined "All Archives" view — merges all manifests, adds a Source column and filter for cross-archive comparison
archives.json JSON Schema at regis_cli/schemas/archives.schema.json
Graceful fallback — viewer operates in single-archive mode when archives.json is absent

Example:

regis viewer serve \\
  --archive "Import Authorization:archives/import/manifest.json" \\
  --archive "Production Catalog:https://host/prod/manifest.json"

feat(cli): add github update-pr command for PR comment posting (#180)

Add regis-cli github update-pr command that posts/updates a PR comment with analysis results — achieving parity with the existing regis-cli gitlab update-mr
Comment includes playbook score, tier, rules passed/total, and vulnerability counts (critical/high from Trivy)
Uses  HTML marker for idempotent upsert (updates existing comment on re-runs)
Applies playbook labels and badge labels to the PR via GitHub API
Token reads from --token flag or GITHUB_TOKEN env var

📚 Documentation

Update documentation reference and snapshots (#198)

v0.25.5 — March 31, 2026

Highlights

chore(cli): rebrand project from regis-cli to Regis (#185)

Full project rebrand from regis-cli to Regis (Registry Scores)
Clean-cut rename of Python module regis_cli/ → regis/ with no deprecation shim
Renamed PyPI package (regis), console script (regis), and all entry points
Updated Dockerfile, GitHub Action, workflows, docs site, report-viewer, and README
Updated trunk config: bandit threshold set to medium to avoid blocking on pre-existing low-severity subprocess warnings surfaced by file rename

feat(ci): reusable GitHub composite action for container image analysis (#183)

Adds action.yml at the repository root, enabling uses: trivoallan/regis-cli@VERSION as a single-step integration
Wraps the full analysis workflow: docker run analyze → upload artifact → post PR comment (v0.25.0+)
Fixes the --auth format bug in the GitHub integration docs (registry:user:pass → registry=user:pass)
Adds a Quick Start section to the GitHub integration docs with minimal example, full input/output reference, and a :::note about the v0.25.0 requirement for PR comments

feat: multi-archive support in viewer (#182)

Adds support for multiple named archives in the regis-cli report viewer, enabling teams to organize analyses by typology (e.g. "Import Authorization", "Production Catalog").

--archive CLI flag (repeatable) on viewer export and viewer serve — writes/serves an archives.json config file listing named archives by path or URL
Archive switcher UI — Tremor tab bar lets users switch between archives; appears automatically when ≥2 archives are configured
Combined "All Archives" view — merges all manifests, adds a Source column and filter for cross-archive comparison
archives.json JSON Schema at regis_cli/schemas/archives.schema.json
Graceful fallback — viewer operates in single-archive mode when archives.json is absent

Example:

regis viewer serve \\
  --archive "Import Authorization:archives/import/manifest.json" \\
  --archive "Production Catalog:https://host/prod/manifest.json"

feat(cli): add github update-pr command for PR comment posting (#180)

Add regis-cli github update-pr command that posts/updates a PR comment with analysis results — achieving parity with the existing regis-cli gitlab update-mr
Comment includes playbook score, tier, rules passed/total, and vulnerability counts (critical/high from Trivy)
Uses  HTML marker for idempotent upsert (updates existing comment on re-runs)
Applies playbook labels and badge labels to the PR via GitHub API
Token reads from --token flag or GITHUB_TOKEN env var

📚 Documentation

Update documentation reference and snapshots (#196)

v0.25.4 — March 31, 2026

Highlights

chore(cli): rebrand project from regis-cli to Regis (#185)

Full project rebrand from regis-cli to Regis (Registry Scores)
Clean-cut rename of Python module regis_cli/ → regis/ with no deprecation shim
Renamed PyPI package (regis), console script (regis), and all entry points
Updated Dockerfile, GitHub Action, workflows, docs site, report-viewer, and README
Updated trunk config: bandit threshold set to medium to avoid blocking on pre-existing low-severity subprocess warnings surfaced by file rename

feat(ci): reusable GitHub composite action for container image analysis (#183)

Adds action.yml at the repository root, enabling uses: trivoallan/regis-cli@VERSION as a single-step integration
Wraps the full analysis workflow: docker run analyze → upload artifact → post PR comment (v0.25.0+)
Fixes the --auth format bug in the GitHub integration docs (registry:user:pass → registry=user:pass)
Adds a Quick Start section to the GitHub integration docs with minimal example, full input/output reference, and a :::note about the v0.25.0 requirement for PR comments

feat: multi-archive support in viewer (#182)

Adds support for multiple named archives in the regis-cli report viewer, enabling teams to organize analyses by typology (e.g. "Import Authorization", "Production Catalog").

--archive CLI flag (repeatable) on viewer export and viewer serve — writes/serves an archives.json config file listing named archives by path or URL
Archive switcher UI — Tremor tab bar lets users switch between archives; appears automatically when ≥2 archives are configured
Combined "All Archives" view — merges all manifests, adds a Source column and filter for cross-archive comparison
archives.json JSON Schema at regis_cli/schemas/archives.schema.json
Graceful fallback — viewer operates in single-archive mode when archives.json is absent

Example:

regis viewer serve \\
  --archive "Import Authorization:archives/import/manifest.json" \\
  --archive "Production Catalog:https://host/prod/manifest.json"

feat(cli): add github update-pr command for PR comment posting (#180)

Add regis-cli github update-pr command that posts/updates a PR comment with analysis results — achieving parity with the existing regis-cli gitlab update-mr
Comment includes playbook score, tier, rules passed/total, and vulnerability counts (critical/high from Trivy)
Uses  HTML marker for idempotent upsert (updates existing comment on re-runs)
Applies playbook labels and badge labels to the PR via GitHub API
Token reads from --token flag or GITHUB_TOKEN env var

📚 Documentation

Update documentation reference and snapshots (#194)

v0.25.3 — March 31, 2026

Highlights

chore(cli): rebrand project from regis-cli to Regis (#185)

Full project rebrand from regis-cli to Regis (Registry Scores)
Clean-cut rename of Python module regis_cli/ → regis/ with no deprecation shim
Renamed PyPI package (regis), console script (regis), and all entry points
Updated Dockerfile, GitHub Action, workflows, docs site, report-viewer, and README
Updated trunk config: bandit threshold set to medium to avoid blocking on pre-existing low-severity subprocess warnings surfaced by file rename

feat(ci): reusable GitHub composite action for container image analysis (#183)

Adds action.yml at the repository root, enabling uses: trivoallan/regis-cli@VERSION as a single-step integration
Wraps the full analysis workflow: docker run analyze → upload artifact → post PR comment (v0.25.0+)
Fixes the --auth format bug in the GitHub integration docs (registry:user:pass → registry=user:pass)
Adds a Quick Start section to the GitHub integration docs with minimal example, full input/output reference, and a :::note about the v0.25.0 requirement for PR comments

feat: multi-archive support in viewer (#182)

Adds support for multiple named archives in the regis-cli report viewer, enabling teams to organize analyses by typology (e.g. "Import Authorization", "Production Catalog").

--archive CLI flag (repeatable) on viewer export and viewer serve — writes/serves an archives.json config file listing named archives by path or URL
Archive switcher UI — Tremor tab bar lets users switch between archives; appears automatically when ≥2 archives are configured
Combined "All Archives" view — merges all manifests, adds a Source column and filter for cross-archive comparison
archives.json JSON Schema at regis_cli/schemas/archives.schema.json
Graceful fallback — viewer operates in single-archive mode when archives.json is absent

Example:

regis viewer serve \\
  --archive "Import Authorization:archives/import/manifest.json" \\
  --archive "Production Catalog:https://host/prod/manifest.json"

feat(cli): add github update-pr command for PR comment posting (#180)

Add regis-cli github update-pr command that posts/updates a PR comment with analysis results — achieving parity with the existing regis-cli gitlab update-mr
Comment includes playbook score, tier, rules passed/total, and vulnerability counts (critical/high from Trivy)
Uses  HTML marker for idempotent upsert (updates existing comment on re-runs)
Applies playbook labels and badge labels to the PR via GitHub API
Token reads from --token flag or GITHUB_TOKEN env var

📚 Documentation

Update documentation reference and snapshots (#192)

v0.25.2 — March 31, 2026

Highlights

chore(cli): rebrand project from regis-cli to Regis (#185)

Full project rebrand from regis-cli to Regis (Registry Scores)
Clean-cut rename of Python module regis_cli/ → regis/ with no deprecation shim
Renamed PyPI package (regis), console script (regis), and all entry points
Updated Dockerfile, GitHub Action, workflows, docs site, report-viewer, and README
Updated trunk config: bandit threshold set to medium to avoid blocking on pre-existing low-severity subprocess warnings surfaced by file rename

feat(ci): reusable GitHub composite action for container image analysis (#183)

Adds action.yml at the repository root, enabling uses: trivoallan/regis-cli@VERSION as a single-step integration
Wraps the full analysis workflow: docker run analyze → upload artifact → post PR comment (v0.25.0+)
Fixes the --auth format bug in the GitHub integration docs (registry:user:pass → registry=user:pass)
Adds a Quick Start section to the GitHub integration docs with minimal example, full input/output reference, and a :::note about the v0.25.0 requirement for PR comments

feat: multi-archive support in viewer (#182)

Adds support for multiple named archives in the regis-cli report viewer, enabling teams to organize analyses by typology (e.g. "Import Authorization", "Production Catalog").

--archive CLI flag (repeatable) on viewer export and viewer serve — writes/serves an archives.json config file listing named archives by path or URL
Archive switcher UI — Tremor tab bar lets users switch between archives; appears automatically when ≥2 archives are configured
Combined "All Archives" view — merges all manifests, adds a Source column and filter for cross-archive comparison
archives.json JSON Schema at regis_cli/schemas/archives.schema.json
Graceful fallback — viewer operates in single-archive mode when archives.json is absent

Example:

regis viewer serve \\
  --archive "Import Authorization:archives/import/manifest.json" \\
  --archive "Production Catalog:https://host/prod/manifest.json"

feat(cli): add github update-pr command for PR comment posting (#180)

Add regis-cli github update-pr command that posts/updates a PR comment with analysis results — achieving parity with the existing regis-cli gitlab update-mr
Comment includes playbook score, tier, rules passed/total, and vulnerability counts (critical/high from Trivy)
Uses  HTML marker for idempotent upsert (updates existing comment on re-runs)
Applies playbook labels and badge labels to the PR via GitHub API
Token reads from --token flag or GITHUB_TOKEN env var

📚 Documentation

Update documentation reference and snapshots (#190)

v0.25.1 — March 31, 2026

Highlights

chore(cli): rebrand project from regis-cli to Regis (#185)

Full project rebrand from regis-cli to Regis (Registry Scores)
Clean-cut rename of Python module regis_cli/ → regis/ with no deprecation shim
Renamed PyPI package (regis), console script (regis), and all entry points
Updated Dockerfile, GitHub Action, workflows, docs site, report-viewer, and README
Updated trunk config: bandit threshold set to medium to avoid blocking on pre-existing low-severity subprocess warnings surfaced by file rename

feat(ci): reusable GitHub composite action for container image analysis (#183)

Adds action.yml at the repository root, enabling uses: trivoallan/regis-cli@VERSION as a single-step integration
Wraps the full analysis workflow: docker run analyze → upload artifact → post PR comment (v0.25.0+)
Fixes the --auth format bug in the GitHub integration docs (registry:user:pass → registry=user:pass)
Adds a Quick Start section to the GitHub integration docs with minimal example, full input/output reference, and a :::note about the v0.25.0 requirement for PR comments

feat: multi-archive support in viewer (#182)

Adds support for multiple named archives in the regis-cli report viewer, enabling teams to organize analyses by typology (e.g. "Import Authorization", "Production Catalog").

--archive CLI flag (repeatable) on viewer export and viewer serve — writes/serves an archives.json config file listing named archives by path or URL
Archive switcher UI — Tremor tab bar lets users switch between archives; appears automatically when ≥2 archives are configured
Combined "All Archives" view — merges all manifests, adds a Source column and filter for cross-archive comparison
archives.json JSON Schema at regis_cli/schemas/archives.schema.json
Graceful fallback — viewer operates in single-archive mode when archives.json is absent

Example:

regis viewer serve \\
  --archive "Import Authorization:archives/import/manifest.json" \\
  --archive "Production Catalog:https://host/prod/manifest.json"

feat(cli): add github update-pr command for PR comment posting (#180)

Add regis-cli github update-pr command that posts/updates a PR comment with analysis results — achieving parity with the existing regis-cli gitlab update-mr
Comment includes playbook score, tier, rules passed/total, and vulnerability counts (critical/high from Trivy)
Uses  HTML marker for idempotent upsert (updates existing comment on re-runs)
Applies playbook labels and badge labels to the PR via GitHub API
Token reads from --token flag or GITHUB_TOKEN env var

📚 Documentation

Update documentation reference and snapshots (#188)

v0.25.0 — March 31, 2026

Highlights

chore(cli): rebrand project from regis-cli to Regis (#185)

Full project rebrand from regis-cli to Regis (Registry Scores)
Clean-cut rename of Python module regis_cli/ → regis/ with no deprecation shim
Renamed PyPI package (regis), console script (regis), and all entry points
Updated Dockerfile, GitHub Action, workflows, docs site, report-viewer, and README
Updated trunk config: bandit threshold set to medium to avoid blocking on pre-existing low-severity subprocess warnings surfaced by file rename

feat(ci): reusable GitHub composite action for container image analysis (#183)

Adds action.yml at the repository root, enabling uses: trivoallan/regis-cli@VERSION as a single-step integration
Wraps the full analysis workflow: docker run analyze → upload artifact → post PR comment (v0.25.0+)
Fixes the --auth format bug in the GitHub integration docs (registry:user:pass → registry=user:pass)
Adds a Quick Start section to the GitHub integration docs with minimal example, full input/output reference, and a :::note about the v0.25.0 requirement for PR comments

feat: multi-archive support in viewer (#182)

Adds support for multiple named archives in the regis-cli report viewer, enabling teams to organize analyses by typology (e.g. "Import Authorization", "Production Catalog").

--archive CLI flag (repeatable) on viewer export and viewer serve — writes/serves an archives.json config file listing named archives by path or URL
Archive switcher UI — Tremor tab bar lets users switch between archives; appears automatically when ≥2 archives are configured
Combined "All Archives" view — merges all manifests, adds a Source column and filter for cross-archive comparison
archives.json JSON Schema at regis_cli/schemas/archives.schema.json
Graceful fallback — viewer operates in single-archive mode when archives.json is absent

Example:

regis viewer serve \\
  --archive "Import Authorization:archives/import/manifest.json" \\
  --archive "Production Catalog:https://host/prod/manifest.json"

feat(cli): add github update-pr command for PR comment posting (#180)

Add regis-cli github update-pr command that posts/updates a PR comment with analysis results — achieving parity with the existing regis-cli gitlab update-mr
Comment includes playbook score, tier, rules passed/total, and vulnerability counts (critical/high from Trivy)
Uses  HTML marker for idempotent upsert (updates existing comment on re-runs)
Applies playbook labels and badge labels to the PR via GitHub API
Token reads from --token flag or GITHUB_TOKEN env var

fix(build): regenerate pnpm lockfile after Dependabot bumps (#149)

Regenerates pnpm-lock.yaml to sync with apps/report-viewer/package.json after Dependabot bumped @types/react, @types/react-dom, tailwindcss, and typescript
Fixes frozen-lockfile CI failure in the Publish Viewer workflow

🤖 Generated with Claude Code

test(cli): enforce 90% unit test coverage permanently (#146)

Threshold enforced: pytest now fails automatically if coverage drops below 90% (--cov-fail-under=90 in addopts), blocking any PR via the required CI status check.
Coverage bridged: 21 targeted new tests to go from 86% → 90.02% (330 tests, 0 failing).
Badge + report: genbadge generates coverage-badge.svg in CI; the badge is auto-committed on main and the htmlcov/ artifact is uploaded on every run.

Add What's New documentation page with auto-generation from changelog (#145)

Introduces an automated "What's New" documentation page that summarizes new features and improvements for each release of regis-cli. The page is generated from the CHANGELOG.md and optionally enriched with PR highlights from GitHub.

✨ Features

ci: reusable GitHub composite action for container image analysis (#183)
cli: add github update-pr command for PR comment posting (#180)
docs: redirect root GitHub Pages URL to /docs/ (#175)
Multi-archive support in viewer (#182)

📚 Documentation

Add Docusaurus version snapshot for v0.24.0 (#176)
docs: add public roadmap and stability commitments (#187)
Update documentation reference and snapshots (#179)
Update documentation reference and snapshots (#181)
Update documentation reference and snapshots (#184)
Update documentation reference and snapshots (#186)

v0.24.0 — March 30, 2026

Highlights

fix(build): regenerate pnpm lockfile after Dependabot bumps (#149)

Regenerates pnpm-lock.yaml to sync with apps/report-viewer/package.json after Dependabot bumped @types/react, @types/react-dom, tailwindcss, and typescript
Fixes frozen-lockfile CI failure in the Publish Viewer workflow

🤖 Generated with Claude Code

test(cli): enforce 90% unit test coverage permanently (#146)

Threshold enforced: pytest now fails automatically if coverage drops below 90% (--cov-fail-under=90 in addopts), blocking any PR via the required CI status check.
Coverage bridged: 21 targeted new tests to go from 86% → 90.02% (330 tests, 0 failing).
Badge + report: genbadge generates coverage-badge.svg in CI; the badge is auto-committed on main and the htmlcov/ artifact is uploaded on every run.

Add What's New documentation page with auto-generation from changelog (#145)

✨ Features

ci: handle autorelease:tagged as fallback for version snapshot (#173)

📚 Documentation

Update documentation reference and snapshots (#171)

v0.23.7 — March 30, 2026

Highlights

fix(build): regenerate pnpm lockfile after Dependabot bumps (#149)

Regenerates pnpm-lock.yaml to sync with apps/report-viewer/package.json after Dependabot bumped @types/react, @types/react-dom, tailwindcss, and typescript
Fixes frozen-lockfile CI failure in the Publish Viewer workflow

🤖 Generated with Claude Code

test(cli): enforce 90% unit test coverage permanently (#146)

Threshold enforced: pytest now fails automatically if coverage drops below 90% (--cov-fail-under=90 in addopts), blocking any PR via the required CI status check.
Coverage bridged: 21 targeted new tests to go from 86% → 90.02% (330 tests, 0 failing).
Badge + report: genbadge generates coverage-badge.svg in CI; the badge is auto-committed on main and the htmlcov/ artifact is uploaded on every run.

Add What's New documentation page with auto-generation from changelog (#145)

🐛 Bug Fixes

build: pin tailwindcss to v3 and ignore v4 Dependabot bumps (#164)

📚 Documentation

Update documentation reference and snapshots (#163)

v0.23.6 — March 30, 2026

Highlights

fix(build): regenerate pnpm lockfile after Dependabot bumps (#149)

Regenerates pnpm-lock.yaml to sync with apps/report-viewer/package.json after Dependabot bumped @types/react, @types/react-dom, tailwindcss, and typescript
Fixes frozen-lockfile CI failure in the Publish Viewer workflow

🤖 Generated with Claude Code

test(cli): enforce 90% unit test coverage permanently (#146)

Threshold enforced: pytest now fails automatically if coverage drops below 90% (--cov-fail-under=90 in addopts), blocking any PR via the required CI status check.
Coverage bridged: 21 targeted new tests to go from 86% → 90.02% (330 tests, 0 failing).
Badge + report: genbadge generates coverage-badge.svg in CI; the badge is auto-committed on main and the htmlcov/ artifact is uploaded on every run.

Add What's New documentation page with auto-generation from changelog (#145)

📚 Documentation

Update documentation reference and snapshots (#161)

v0.23.5 — March 30, 2026

Highlights

fix(build): regenerate pnpm lockfile after Dependabot bumps (#149)

Regenerates pnpm-lock.yaml to sync with apps/report-viewer/package.json after Dependabot bumped @types/react, @types/react-dom, tailwindcss, and typescript
Fixes frozen-lockfile CI failure in the Publish Viewer workflow

🤖 Generated with Claude Code

test(cli): enforce 90% unit test coverage permanently (#146)

Threshold enforced: pytest now fails automatically if coverage drops below 90% (--cov-fail-under=90 in addopts), blocking any PR via the required CI status check.
Coverage bridged: 21 targeted new tests to go from 86% → 90.02% (330 tests, 0 failing).
Badge + report: genbadge generates coverage-badge.svg in CI; the badge is auto-committed on main and the htmlcov/ artifact is uploaded on every run.

Add What's New documentation page with auto-generation from changelog (#145)

🐛 Bug Fixes

docs: resolve Docusaurus broken links and anchor warnings (#159)
docs: revert versioned_docs additions and add release snapshot workflow (#160)

📚 Documentation

Update documentation reference and snapshots (#157)

v0.23.4 — March 30, 2026

Highlights

fix(build): regenerate pnpm lockfile after Dependabot bumps (#149)

Regenerates pnpm-lock.yaml to sync with apps/report-viewer/package.json after Dependabot bumped @types/react, @types/react-dom, tailwindcss, and typescript
Fixes frozen-lockfile CI failure in the Publish Viewer workflow

🤖 Generated with Claude Code

test(cli): enforce 90% unit test coverage permanently (#146)

Threshold enforced: pytest now fails automatically if coverage drops below 90% (--cov-fail-under=90 in addopts), blocking any PR via the required CI status check.
Coverage bridged: 21 targeted new tests to go from 86% → 90.02% (330 tests, 0 failing).
Badge + report: genbadge generates coverage-badge.svg in CI; the badge is auto-committed on main and the htmlcov/ artifact is uploaded on every run.

Add What's New documentation page with auto-generation from changelog (#145)

🐛 Bug Fixes

build: use pnpm direct install and sync serialize-javascript override (#155)

v0.23.3 — March 30, 2026

Highlights

fix(build): regenerate pnpm lockfile after Dependabot bumps (#149)

Regenerates pnpm-lock.yaml to sync with apps/report-viewer/package.json after Dependabot bumped @types/react, @types/react-dom, tailwindcss, and typescript
Fixes frozen-lockfile CI failure in the Publish Viewer workflow

🤖 Generated with Claude Code

test(cli): enforce 90% unit test coverage permanently (#146)

Threshold enforced: pytest now fails automatically if coverage drops below 90% (--cov-fail-under=90 in addopts), blocking any PR via the required CI status check.
Coverage bridged: 21 targeted new tests to go from 86% → 90.02% (330 tests, 0 failing).
Badge + report: genbadge generates coverage-badge.svg in CI; the badge is auto-committed on main and the htmlcov/ artifact is uploaded on every run.

Add What's New documentation page with auto-generation from changelog (#145)

🐛 Bug Fixes

build: install corepack before enabling pnpm in Dockerfile (#153)

v0.23.2 — March 30, 2026

Highlights

fix(build): regenerate pnpm lockfile after Dependabot bumps (#149)

Regenerates pnpm-lock.yaml to sync with apps/report-viewer/package.json after Dependabot bumped @types/react, @types/react-dom, tailwindcss, and typescript
Fixes frozen-lockfile CI failure in the Publish Viewer workflow

🤖 Generated with Claude Code

test(cli): enforce 90% unit test coverage permanently (#146)

Threshold enforced: pytest now fails automatically if coverage drops below 90% (--cov-fail-under=90 in addopts), blocking any PR via the required CI status check.
Coverage bridged: 21 targeted new tests to go from 86% → 90.02% (330 tests, 0 failing).
Badge + report: genbadge generates coverage-badge.svg in CI; the badge is auto-committed on main and the htmlcov/ artifact is uploaded on every run.

Add What's New documentation page with auto-generation from changelog (#145)

🐛 Bug Fixes

build: regenerate pnpm lockfile after Dependabot bumps (#149)

v0.23.1 — March 30, 2026

Highlights

fix(build): regenerate pnpm lockfile after Dependabot bumps (#149)

Regenerates pnpm-lock.yaml to sync with apps/report-viewer/package.json after Dependabot bumped @types/react, @types/react-dom, tailwindcss, and typescript
Fixes frozen-lockfile CI failure in the Publish Viewer workflow

🤖 Generated with Claude Code

test(cli): enforce 90% unit test coverage permanently (#146)

Threshold enforced: pytest now fails automatically if coverage drops below 90% (--cov-fail-under=90 in addopts), blocking any PR via the required CI status check.
Coverage bridged: 21 targeted new tests to go from 86% → 90.02% (330 tests, 0 failing).
Badge + report: genbadge generates coverage-badge.svg in CI; the badge is auto-committed on main and the htmlcov/ artifact is uploaded on every run.

Add What's New documentation page with auto-generation from changelog (#145)

🐛 Bug Fixes

ci: remove coverage badge direct push to main (#147)

v0.23.0 — March 30, 2026

Highlights

fix(build): regenerate pnpm lockfile after Dependabot bumps (#149)

Regenerates pnpm-lock.yaml to sync with apps/report-viewer/package.json after Dependabot bumped @types/react, @types/react-dom, tailwindcss, and typescript
Fixes frozen-lockfile CI failure in the Publish Viewer workflow

🤖 Generated with Claude Code

test(cli): enforce 90% unit test coverage permanently (#146)

Threshold enforced: pytest now fails automatically if coverage drops below 90% (--cov-fail-under=90 in addopts), blocking any PR via the required CI status check.
Coverage bridged: 21 targeted new tests to go from 86% → 90.02% (330 tests, 0 failing).
Badge + report: genbadge generates coverage-badge.svg in CI; the badge is auto-committed on main and the htmlcov/ artifact is uploaded on every run.

Add What's New documentation page with auto-generation from changelog (#145)

✨ Features

ci: add auto-rebase and auto-merge workflows for PRs (#115)
ci: auto-rebase Dependabot PRs via @dependabot rebase comment (#140)
ci: skip schema/rules doc generation when source unchanged (#139)

🐛 Bug Fixes

ci: fall back to github.token when App secrets unavailable (dependabot PRs) (#137)
ci: remove broken @dependabot rebase comment approach (#142)
ci: revert actions/create-github-app-token to v1 in docs-publish workflow (#106)
ci: skip auto-merge for release-please PRs (#144)
ci: use GitHub App token for Trunk auto-commit to trigger new workflow runs (#108)
ci: use personal_token for peaceiris/actions-gh-pages in docs-publish (#113)
ci: use pull_request_target so auto-merge works on Dependabot PRs (#143)
Update GitHub App ID secret reference in docs-publish workflow
Update GitHub App private key secret reference in docs-publish workflow

🔧 Reverts

ci: remove broken @dependabot rebase comment approach (#141)

📚 Documentation

Add CI/CD gotchas for Dependabot, Release Please, and auto-rebase
ci: update memory bank with GitHub Actions auth unification (#114)
Snapshot versioned docs for v0.22.0
Update documentation reference and snapshots (#103)
Update documentation reference and snapshots (#107)
Update documentation reference and snapshots (#109)
Update documentation reference and snapshots (#110)
Update documentation reference and snapshots (#112)
Update documentation reference and snapshots (#116)
Update documentation reference and snapshots (#118)
Update documentation reference and snapshots (#135)

v0.22.0 — March 30, 2026

Highlights

fix(build): regenerate pnpm lockfile after Dependabot bumps (#149)

Regenerates pnpm-lock.yaml to sync with apps/report-viewer/package.json after Dependabot bumped @types/react, @types/react-dom, tailwindcss, and typescript
Fixes frozen-lockfile CI failure in the Publish Viewer workflow

🤖 Generated with Claude Code

test(cli): enforce 90% unit test coverage permanently (#146)

Threshold enforced: pytest now fails automatically if coverage drops below 90% (--cov-fail-under=90 in addopts), blocking any PR via the required CI status check.
Coverage bridged: 21 targeted new tests to go from 86% → 90.02% (330 tests, 0 failing).
Badge + report: genbadge generates coverage-badge.svg in CI; the badge is auto-committed on main and the htmlcov/ artifact is uploaded on every run.

Add What's New documentation page with auto-generation from changelog (#145)

✨ Features

Enable single report viewing by adding support for direct report JSON loading and automatic manifest redirection
viewer: add status calculation to archive store and implement status filtering in report viewer

📚 Documentation

Snapshot versioned docs for v0.21.0

v0.21.0 — March 30, 2026

Highlights

fix(build): regenerate pnpm lockfile after Dependabot bumps (#149)

Regenerates pnpm-lock.yaml to sync with apps/report-viewer/package.json after Dependabot bumped @types/react, @types/react-dom, tailwindcss, and typescript
Fixes frozen-lockfile CI failure in the Publish Viewer workflow

🤖 Generated with Claude Code

test(cli): enforce 90% unit test coverage permanently (#146)

Threshold enforced: pytest now fails automatically if coverage drops below 90% (--cov-fail-under=90 in addopts), blocking any PR via the required CI status check.
Coverage bridged: 21 targeted new tests to go from 86% → 90.02% (330 tests, 0 failing).
Badge + report: genbadge generates coverage-badge.svg in CI; the badge is auto-committed on main and the htmlcov/ artifact is uploaded on every run.

Add What's New documentation page with auto-generation from changelog (#145)

✨ Features

analyzer/endoflie: enhance EndOfLifeSection to display detailed cycle information and prune report.json data
analyzer/versioning: improve tag classification and expose digest aliases (#97)
ci: isolate viewer publication in dedicated workflow
cli: add viewer serve and export commands (#99)
cli: run initial regis image analysis during bootstrap archive
Prevent concurrent use of --site and --archive and skip template rendering when archiving
report: implement dynamic archive loading and build robustness (#98)
report: load report from a custom URL via query parameter (#94)
template: implement two-pass sync to add new files from working directory to template
templates: implement comprehensive dashboard components and reporting UI for container analysis

🐛 Bug Fixes

analyzer/skopeo: filter out unknown platform entries in SkopeoSection
ci: build viewer assets before exporting to static site
Upgrade Python to 3.13, harden Dockerfile, mock EOL analyzer tests, and add main branch analysis to docs workflow

v0.20.0 — March 21, 2026

✨ Features

Add trunk check commands, introduce the --sync-from option for bootstrap archive, and document the archive UI customization workflow.
analyzer/sbom: Add license-blocklist rule for invasive open source license detection (#83)
cli: Add bootstrap archive --sync-from to sync UI changes back to template (#90)
cli: Run analyzers in parallel with ThreadPoolExecutor (#84)
docs: Add two-version documentation (main-dev + vX.Y.Z) (#87)

🐛 Bug Fixes

ci: Fix Trunk auto-format workflow to avoid stale SHA issue (#86)
playbook: Remove duplicate rules when templates are instantiated by playbook (#89)
Update the yaml-language-server schema path in the default playbook.

📚 Documentation

Add licensing tag and correct relative path in archive-repo documentation.
archive: rename "Archive Repo Setup" to "Archive Repository"
Delete versioned documentation and update the reports concept page.
docs: Redesign homepage with feature cards and report preview gallery (#88)
Improve CLAUDE.md with commands, architecture, and key patterns (#85)
Update CLAUDE.md with CLI module split, test patch targets, and trunk hooks

v0.19.0 — March 21, 2026

✨ Features

Add --cache option to the analyze command to load and use an existing report.json, skipping re-analysis.
Add --theme option for HTML report generation and ignore the /reports directory
Add Dockerfile and GitHub Actions workflow for building and publishing regis Docker images.
Add domain-trusted scorecard
Add extensive test coverage for analyzers and core components, integrate Ruff linter, and refine Skopeo schema.
Add GitHub Actions workflows for Super-Linter and automated releases.
Add Hadolint analyzer to lint Dockerfiles and display results.
Add initial HTML report for image health scores generated by regis.
Add Skopeo analyzer and refactor versioning analyzer to use Skopeo for tag listing.
Add support for multiple output formats and templated output paths for the run command.
Add support for passing metadata via CLI to reports and update report schema.
Add support for templated links in scorecards and reports
Add time formatting and recursive metadata rendering to improve report request details display.
Add user and digest extraction and display to Skopeo image analysis.
Add variant detection and reporting to the versioning analyzer
analyzer/dockle: add Dockle analyzer for container image security and best practices linting with supporting schema, tests, and documentation.
analyzer/size: add layer digest to the size analysis output for individual layers
analyzer/versioning: implement digest-based reporting and release lines hierarchy (#21)
analyzers: Enable private registry authentication for Trivy-based analyzers and update documentation.
analyzers: Reusable rules and simplified rule slugs (#63)
archive-repo: Update CI/CD workflows, modify CLI logic, and adjust bootstrap tests.
bootstrap: Add bootstrap archive --repo command for automated archive site deployment to GitHub/GitLab Pages.
ci: Add a configurable playbook URL input to GitLab CI/CD.
ci: add OCI image labels to Dockerfile (#39)
ci: add standard OCI annotations to Dockerfile (#43) (#40)
ci: allow Docker authentication to prevent rate limits (#45)
ci: automate trunk fmt and auto-commit in CI (#48)
ci: implement gitlab subcommand for CI workflow (#18)
ci: introduce GitLab CI workflow for image analysis with MR-driven triggers and review app deployments.
ci: make regis image version configurable in generated GitLab CI.
ci: migrate linting to trunk and add mypy/hadolint (#29)
cli/bootstrap: display post-install notes after bootstrap (#52)
cli: Add CLI command to check image manifest accessibility. Use it to prevent bogus requests.
cli: add evaluate command for dry-run evaluation of playbooks (#25)
cli: add rules list command and improve evaluator
cli: Implement generate command with cookiecutter for project scaffolding and update project templates.
cli: Implement a CLI version command, refactor importlib.metadata imports, and update tests and GitLab CI artifact handling.
cli: refactor generate to bootstrap command group (#28)
Configure Antora Mermaid extension with a specific library URL and script stem.
cookiecutter: integrate GitHub Actions metadata into analysis reports for improved traceability and remove unused scorecard levels.
cookiecutter: introduce Cookiecutter template for bootstrapping new image analysis projects with documentation, workflows, and default scorecards.
cookiecutter: Introduce Cookiecutter template for project bootstrapping and add its comprehensive usage guide, refining the template's analysis workflow input.
Display structured analyzer errors in the UI and store them in reports.
doc: Add 'Get Started' and 'Understand Playbooks' documentation pages and update navigation.
docs: initialize Antora documentation
Dynamically set cookiecutter image URL and simplify release-please extra-files configuration.
Embed regis version in analysis reports and update cookiecutter image URLs.
Enhance default playbook overview with new recommendation and compliance widgets and update widget styling.
Enhance registry credential resolution by normalizing Docker Hub aliases and remove the score.html report file.
Enhance report output with per-scorecard HTML files, slug support, and improved file writing logic.
Enhance scorecard rule evaluation to track missing data, provide detailed condition stringification, and include rule tags in results and UI.
Enhance Trivy report display for multiple targets and refine report layout with dedicated sections for links and scorecards.
gitlab: append review checklist from report.json to merge request descriptions and unquote $REGIS_CLI_IMAGE in CI.
Implement conditional widget rendering, add new widget styling options including alignment and subvalues, and introduce new CSS for recommendations and header elements.
Implement flexible registry credential resolution via new --auth CLI option and dedicated module
Implement Playbook Tiers, Dynamic Badges and restore multi-page reporting (#56)
Implement registry authentication using environment variables and add new tests.
Initialize regis project with image analysis, scorecard engine, schema validation, and comprehensive project setup.
Integrate scorecard evaluation directly into the analyze command, supporting multiple custom scorecards, and remove the dedicated score command.
Introduce new HTML report structure and styling with updated templates and CSS.
Introduce OpenSSF Scorecard, Freshness, and Popularity analyzer reports with supporting configuration and robustness improvements.
Introduce SBOM analysis using Trivy and CycloneDX, replacing the license analyzer.
Introduce scorecard pages to group sections and add new size and versioning analyzers.
Introduce section-based scorecards with a new schema and remove the dependency analyzer.
playbook: add support for multiple titled GitLab MR description checklists with backward compatibility.
playbook: Enhance GitLab MR checklist items with show_if and check_if conditions.
playbook: Implement GitLab MR description checklist feature for custom compliance checks.
playbook: Implement named addressing for playbook pages and sections
playbook: integrate Dockle security analysis with a new policy, dedicated UI, and updated documentation.
playbook: Introduce configurable additional MR content generation from templates
playbooks: Add support for loading playbooks from remote URLs and update cookiecutters to utilize this feature.
Refactor cookiecutter templates to support both GitHub and GitLab platforms with dedicated CI configurations and documentation.
Refine scorecard reporting by updating schemas, engine logic, templates, and removing old report files.
Render error cards for all unhandled analyzer errors in the report
Replace single achieved level with a detailed summary by level in scorecard results, CLI output, and HTML report.
report: archive store and standalone archive viewer cookiecutter (#74)
report: Embed regis version into analysis reports and schema
report: implement docusaurus report viewer (#68)
report: overhaul report viewer UI with Tremor components (#70)
reports: Implement automatic versioning of analysis reports in GitLab CI and document its configuration.
review: enhance GitLab CI report delivery by committing to reports/, posting direct links to MR comments, and updating documentation.
review: enhance GitLab CI/CD to specify output filename, run site generation on the default branch, and dynamically configure Pages deployments for review apps and main branch, while updating the project backlog.
review: Expose analysis reports as Merge Request artifacts instead of deploying to Review Apps and update documentation accordingly.
review: Implement and document a self-service analysis workflow in GitLab CI, including optional report commits to the branch and dynamic Review App links.
review: Introduce automated GitLab MR labeling and conditional playbook links based on analysis outcomes.
review: use GitLab API for merge request creation to enable setting reviewers and assignees, and add curl dependency.
Set default output directory template to include the tag.
Track and display involved data analyzers for scorecard rule evaluations in the schema, engine, and HTML report.
ui: Implement a new report rendering engine with a sidebar layout and dedicated pages for various analysis results.
ui: Introduce new analyzer display templates and enhance the playbook engine to support section widgets.

🐛 Bug Fixes

Add step to re-checkout merge ref for pull requests in the Trunk workflow.
analyzers: Expose analyzer results at the root of the scorecard evaluation context and update default Trivy rules.
analyzers: prevent Skopeo analyzer from failing on index image inspection and formalize commit message guidelines.
analyzer: standardize rule names and fix analyzer validation (#62)
build: install git in Dockerfile
ci: add workflow_dispatch trigger and refine tag matching for Docker publish workflow.
ci: configure releaser-pleaser action with release token
ci: Fix broken Publish Documentation workflow
ci: fix trunk fmt conflict and resolve HTML syntax errors
ci: Reorder documentation generation steps in the CI workflow and enhance the Docusaurus report builder with improved build commands and dependency checks.
ci: robust auto-formatting and protected branch handling (#51)
ci: Update Python version to 3.14 in test workflow.
cli: resolve bootstrap command failure in Docker image (#46)
Correct malformed versions.json and add a workflow step to validate and reset it if corrupted.
Correct relative path for the "Understand Playbooks" guide link in the default playbook overview.
docker: address permission denied errors in Docker by setting user UID/GID, ensuring directory writability, and adding a report output fallback.
docker: Resolve Docker container permission issues by creating a home directory for the regis user and setting report directory permissions, and update the analysis workflow.
docs: Add base URL configuration for Docusaurus reports and update workflow output directory.
docs: corrupted versions.json
gitlab: Fix report generation path
gitlab: Improve GitLab CI report path handling
Prevent AttributeError in scorecard link processing by adding type checks and update regis workflow flags to long form.
Remove --force from Docusaurus versioning in CI and correct versions.json format.
Remove redundant entries from versions.json.
Resolve Trunk Check HEAD^2 error by adjusting git checkout depth and auto-commit logic in the lint workflow.
schema: add missing fields to trivy schema and fix id resolution
template: add missing format_number Jinja2 filter
Trunk pipeline
Versions...

📚 Documentation

Add a comprehensive architectural overview, update documentation structure, and refine the GitLab CI template.
Add and update generated static assets and reports for regis and alpine playbook examples.
Add documentation for the default playbook, detailing its rules and report organization, and link it in the navigation.
Add new example report assets and update documentation pages.
Add script to generate example reports and update documentation with new report data and publishing workflow.
Add workflow step to generate rules reference documentation.
architecture: add C4 Context and Container diagrams to architecture overview (#24)
Change Docusaurus broken link handling from throw to warn.
commitmessages: add Google Blockly commit style guide link
Configure Antora to generate a documentation website for each release
Enable local search and fix broken links (#60)
Enhance GitHub Actions and GitLab CI integration guides with comprehensive examples, CI metadata, and deployment to respective pages services.
Enhance Python, CI/CD, commit message, and documentation rules with new tools, scope definitions, and process clarifications.
gitlab-workflow: add section on GitLab Review Apps for Premium/Ultimate tiers with CI/CD configuration example
Implement dynamic documentation versioning and cleanup (#58)
Implemented automated generation of schema documentation and integrate it into the Antora build workflow.
integrations: group GitLab and GitHub documentation into Integrations section (#22)
integrations: restructure integration sub-chapter and add cookiecutter tips (#23)
Migrate documentation from Antora to Docusaurus (#57)
Modernize getting started and project generation guides (#26)
Overhaul rules documentation by separating concepts from reference, introducing MDX for detailed rule listings, and updating the rules engine explanation.
playbook: Document GitLab MR checklists with conditional display and pre-checking based on analysis results.
playbook: explain how to use bootstrap playbook in documentation (#30)
README: redesign README.md and update report preview (#32)
Refine project description and branding (#37)
Refine usage and concepts documentation
Remove old versioned documentation, reorganize current docs, and introduce a new CLI reference.
Restructure documentation and update index
rules: add commit message guidelines and refine CI/CD semantic versioning and conventional commit references.
Standardize rule documentation and add concept tags (#61)
ui: enable mermaid diagram rendering
ui: use correct mermaid extension package
ui: use correct mermaid extension package in playbook
Update TIP block formatting in playbooks and add documentation versioning and CLI control to notes.
versioning: setup docusaurus versioning and generate reference docs
website: fix configuration reload errors

v0.18.1 — March 21, 2026

📚 Documentation

Add and update generated static assets and reports for regis and alpine playbook examples.

v0.18.0 — March 21, 2026

✨ Features

report: implement docusaurus report viewer (#68)
report: overhaul report viewer UI with Tremor components (#70)

🐛 Bug Fixes

ci: Reorder documentation generation steps in the CI workflow and enhance the Docusaurus report builder with improved build commands and dependency checks.

v0.17.4 — March 20, 2026

🐛 Bug Fixes

Versions...

v0.17.3 — March 20, 2026

🐛 Bug Fixes

docs: corrupted versions.json
Trunk pipeline

v0.17.2 — March 20, 2026

🐛 Bug Fixes

Correct malformed versions.json and add a workflow step to validate and reset it if corrupted.

v0.17.1 — March 20, 2026

🐛 Bug Fixes

Add step to re-checkout merge ref for pull requests in the Trunk workflow.
Remove --force from Docusaurus versioning in CI and correct versions.json format.

v0.17.0 — March 20, 2026

✨ Features

analyzers: Reusable rules and simplified rule slugs (#63)
cli: add rules list command and improve evaluator

🐛 Bug Fixes

analyzer: standardize rule names and fix analyzer validation (#62)
Correct relative path for the "Understand Playbooks" guide link in the default playbook overview.
Remove redundant entries from versions.json.
schema: add missing fields to trivy schema and fix id resolution

📚 Documentation

Add workflow step to generate rules reference documentation.
Change Docusaurus broken link handling from throw to warn.
Enable local search and fix broken links (#60)
Overhaul rules documentation by separating concepts from reference, introducing MDX for detailed rule listings, and updating the rules engine explanation.
Refine usage and concepts documentation
Remove old versioned documentation, reorganize current docs, and introduce a new CLI reference.
Restructure documentation and update index
Standardize rule documentation and add concept tags (#61)
versioning: setup docusaurus versioning and generate reference docs
website: fix configuration reload errors

v0.16.0 — March 20, 2026

✨ Features

ci: automate trunk fmt and auto-commit in CI (#48)
cli/bootstrap: display post-install notes after bootstrap (#52)
Implement Playbook Tiers, Dynamic Badges and restore multi-page reporting (#56)

🐛 Bug Fixes

ci: fix trunk fmt conflict and resolve HTML syntax errors
ci: robust auto-formatting and protected branch handling (#51)
ci: Update Python version to 3.14 in test workflow.
cli: resolve bootstrap command failure in Docker image (#46)
Resolve Trunk Check HEAD^2 error by adjusting git checkout depth and auto-commit logic in the lint workflow.

📚 Documentation

Implement dynamic documentation versioning and cleanup (#58)
Migrate documentation from Antora to Docusaurus (#57)

v0.15.0 — March 11, 2026

✨ Features

ci: add OCI image labels to Dockerfile (#39)
ci: add standard OCI annotations to Dockerfile (#43) (#40)
ci: allow Docker authentication to prevent rate limits (#45)

v0.14.2 — March 5, 2026

📚 Documentation

Refine project description and branding (#37)

v0.14.1 — March 5, 2026

📚 Documentation

README: redesign README.md and update report preview (#32)

v0.14.0 — March 5, 2026

✨ Features

ci: migrate linting to trunk and add mypy/hadolint (#29)
cli: refactor generate to bootstrap command group (#28)

📚 Documentation

Modernize getting started and project generation guides (#26)
playbook: explain how to use bootstrap playbook in documentation (#30)

v0.13.0 — March 5, 2026

✨ Features

analyzer/versioning: implement digest-based reporting and release lines hierarchy (#21)
ci: implement gitlab subcommand for CI workflow (#18)

📚 Documentation

architecture: add C4 Context and Container diagrams to architecture overview (#24)
integrations: group GitLab and GitHub documentation into Integrations section (#22)
integrations: restructure integration sub-chapter and add cookiecutter tips (#23)

v0.12.0 — March 5, 2026

✨ Features

playbook: add support for multiple titled GitLab MR description checklists with backward compatibility.

🐛 Bug Fixes

gitlab: Improve GitLab CI report path handling
template: add missing format_number Jinja2 filter

v0.11.0 — March 5, 2026

✨ Features

cli: Add CLI command to check image manifest accessibility. Use it to prevent bogus requests.
playbook: Introduce configurable additional MR content generation from templates

📚 Documentation

playbook: Document GitLab MR checklists with conditional display and pre-checking based on analysis results.

v0.10.0 — March 4, 2026

✨ Features

analyzer/size: add layer digest to the size analysis output for individual layers
ci: Add a configurable playbook URL input to GitLab CI/CD.
ci: make regis image version configurable in generated GitLab CI.
gitlab: append review checklist from report.json to merge request descriptions and unquote $REGIS_CLI_IMAGE in CI.
playbook: Enhance GitLab MR checklist items with show_if and check_if conditions.

🐛 Bug Fixes

gitlab: Fix report generation path

v0.9.0 — March 4, 2026

✨ Features

playbook: Implement GitLab MR description checklist feature for custom compliance checks.

🐛 Bug Fixes

ci: Fix broken Publish Documentation workflow

v0.8.0 — March 4, 2026

✨ Features

analyzer/dockle: add Dockle analyzer for container image security and best practices linting with supporting schema, tests, and documentation.
playbook: Implement named addressing for playbook pages and sections
playbook: integrate Dockle security analysis with a new policy, dedicated UI, and updated documentation.

📚 Documentation

Add script to generate example reports and update documentation with new report data and publishing workflow.
Configure Antora to generate a documentation website for each release
Implemented automated generation of schema documentation and integrate it into the Antora build workflow.

v0.7.0 — February 23, 2026

✨ Features

Add --cache option to the analyze command to load and use an existing report.json, skipping re-analysis.
Add --theme option for HTML report generation and ignore the /reports directory
Add Dockerfile and GitHub Actions workflow for building and publishing regis Docker images.
Add domain-trusted scorecard
Add extensive test coverage for analyzers and core components, integrate Ruff linter, and refine Skopeo schema.
Add GitHub Actions workflows for Super-Linter and automated releases.
Add Hadolint analyzer to lint Dockerfiles and display results.
Add initial HTML report for image health scores generated by regis.
Add Skopeo analyzer and refactor versioning analyzer to use Skopeo for tag listing.
Add support for multiple output formats and templated output paths for the run command.
Add support for passing metadata via CLI to reports and update report schema.
Add support for templated links in scorecards and reports
Add time formatting and recursive metadata rendering to improve report request details display.
Add user and digest extraction and display to Skopeo image analysis.
Add variant detection and reporting to the versioning analyzer
analyzers: Enable private registry authentication for Trivy-based analyzers and update documentation.
ci: introduce GitLab CI workflow for image analysis with MR-driven triggers and review app deployments.
cli: Implement generate command with cookiecutter for project scaffolding and update project templates.
cli: Implement a CLI version command, refactor importlib.metadata imports, and update tests and GitLab CI artifact handling.
Configure Antora Mermaid extension with a specific library URL and script stem.
cookiecutter: integrate GitHub Actions metadata into analysis reports for improved traceability and remove unused scorecard levels.
cookiecutter: introduce Cookiecutter template for bootstrapping new image analysis projects with documentation, workflows, and default scorecards.
cookiecutter: Introduce Cookiecutter template for project bootstrapping and add its comprehensive usage guide, refining the template's analysis workflow input.
Display structured analyzer errors in the UI and store them in reports.
doc: Add 'Get Started' and 'Understand Playbooks' documentation pages and update navigation.
docs: initialize Antora documentation
Dynamically set cookiecutter image URL and simplify release-please extra-files configuration.
Embed regis version in analysis reports and update cookiecutter image URLs.
Enhance default playbook overview with new recommendation and compliance widgets and update widget styling.
Enhance registry credential resolution by normalizing Docker Hub aliases and remove the score.html report file.
Enhance report output with per-scorecard HTML files, slug support, and improved file writing logic.
Enhance scorecard rule evaluation to track missing data, provide detailed condition stringification, and include rule tags in results and UI.
Enhance Trivy report display for multiple targets and refine report layout with dedicated sections for links and scorecards.
Implement conditional widget rendering, add new widget styling options including alignment and subvalues, and introduce new CSS for recommendations and header elements.
Implement flexible registry credential resolution via new --auth CLI option and dedicated module
Implement registry authentication using environment variables and add new tests.
Initialize regis project with image analysis, scorecard engine, schema validation, and comprehensive project setup.
Integrate scorecard evaluation directly into the analyze command, supporting multiple custom scorecards, and remove the dedicated score command.
Introduce new HTML report structure and styling with updated templates and CSS.
Introduce OpenSSF Scorecard, Freshness, and Popularity analyzer reports with supporting configuration and robustness improvements.
Introduce SBOM analysis using Trivy and CycloneDX, replacing the license analyzer.
Introduce scorecard pages to group sections and add new size and versioning analyzers.
Introduce section-based scorecards with a new schema and remove the dependency analyzer.
playbooks: Add support for loading playbooks from remote URLs and update cookiecutters to utilize this feature.
Refactor cookiecutter templates to support both GitHub and GitLab platforms with dedicated CI configurations and documentation.
Refine scorecard reporting by updating schemas, engine logic, templates, and removing old report files.
Render error cards for all unhandled analyzer errors in the report
Replace single achieved level with a detailed summary by level in scorecard results, CLI output, and HTML report.
report: Embed regis version into analysis reports and schema
reports: Implement automatic versioning of analysis reports in GitLab CI and document its configuration.
review: enhance GitLab CI report delivery by committing to reports/, posting direct links to MR comments, and updating documentation.
review: enhance GitLab CI/CD to specify output filename, run site generation on the default branch, and dynamically configure Pages deployments for review apps and main branch, while updating the project backlog.
review: Expose analysis reports as Merge Request artifacts instead of deploying to Review Apps and update documentation accordingly.
review: Implement and document a self-service analysis workflow in GitLab CI, including optional report commits to the branch and dynamic Review App links.
review: Introduce automated GitLab MR labeling and conditional playbook links based on analysis outcomes.
review: use GitLab API for merge request creation to enable setting reviewers and assignees, and add curl dependency.
Set default output directory template to include the tag.
Track and display involved data analyzers for scorecard rule evaluations in the schema, engine, and HTML report.
ui: Implement a new report rendering engine with a sidebar layout and dedicated pages for various analysis results.
ui: Introduce new analyzer display templates and enhance the playbook engine to support section widgets.

🐛 Bug Fixes

analyzers: Expose analyzer results at the root of the scorecard evaluation context and update default Trivy rules.
analyzers: prevent Skopeo analyzer from failing on index image inspection and formalize commit message guidelines.
build: install git in Dockerfile
ci: add workflow_dispatch trigger and refine tag matching for Docker publish workflow.
ci: configure releaser-pleaser action with release token
docker: address permission denied errors in Docker by setting user UID/GID, ensuring directory writability, and adding a report output fallback.
docker: Resolve Docker container permission issues by creating a home directory for the regis user and setting report directory permissions, and update the analysis workflow.
Prevent AttributeError in scorecard link processing by adding type checks and update regis workflow flags to long form.

📚 Documentation

Add a comprehensive architectural overview, update documentation structure, and refine the GitLab CI template.
Add documentation for the default playbook, detailing its rules and report organization, and link it in the navigation.
Add new example report assets and update documentation pages.
commitmessages: add Google Blockly commit style guide link
Enhance GitHub Actions and GitLab CI integration guides with comprehensive examples, CI metadata, and deployment to respective pages services.
Enhance Python, CI/CD, commit message, and documentation rules with new tools, scope definitions, and process clarifications.
gitlab-workflow: add section on GitLab Review Apps for Premium/Ultimate tiers with CI/CD configuration example
rules: add commit message guidelines and refine CI/CD semantic versioning and conventional commit references.
ui: enable mermaid diagram rendering
ui: use correct mermaid extension package
ui: use correct mermaid extension package in playbook
Update TIP block formatting in playbooks and add documentation versioning and CLI control to notes.

v0.6.0 — February 21, 2026

✨ Features

docs: initialize Antora documentation
Add Dockerfile and GitHub Actions workflow for building and publishing regis Docker images.
Add GitHub Actions workflows for Super-Linter and automated releases.
Add --cache option to the analyze command to load and use an existing report.json, skipping re-analysis.
Add user and digest extraction and display to Skopeo image analysis.
Add Skopeo analyzer and refactor versioning analyzer to use Skopeo for tag listing.
Add Hadolint analyzer to lint Dockerfiles and display results.
Introduce scorecard pages to group sections and add new size and versioning analyzers.
Enhance Trivy report display for multiple targets and refine report layout with dedicated sections for links and scorecards.
Add support for templated links in scorecards and reports
Introduce SBOM analysis using Trivy and CycloneDX, replacing the license analyzer.
Introduce section-based scorecards with a new schema and remove the dependency analyzer.
Introduce OpenSSF Scorecard, Freshness, and Popularity analyzer reports with supporting configuration and robustness improvements.
Render error cards for all unhandled analyzer errors in the report
Add --theme option for HTML report generation and ignore the /reports directory
Set default output directory template to include the tag.
Replace single achieved level with a detailed summary by level in scorecard results, CLI output, and HTML report.
Display structured analyzer errors in the UI and store them in reports.
Track and display involved data analyzers for scorecard rule evaluations in the schema, engine, and HTML report.
Add support for multiple output formats and templated output paths for the run command.
Introduce new HTML report structure and styling with updated templates and CSS.
Integrate scorecard evaluation directly into the analyze command, supporting multiple custom scorecards, and remove the dedicated score command.
Enhance scorecard rule evaluation to track missing data, provide detailed condition stringification, and include rule tags in results and UI.
Enhance registry credential resolution by normalizing Docker Hub aliases and remove the score.html report file.
Implement flexible registry credential resolution via new --auth CLI option and dedicated module
Add support for passing metadata via CLI to reports and update report schema.
Add initial HTML report for image health scores generated by regis.
Add variant detection and reporting to the versioning analyzer
Add domain-trusted scorecard
Implement registry authentication using environment variables and add new tests.
Initialize regis project with image analysis, scorecard engine, schema validation, and comprehensive project setup.

🐛 Bug Fixes

analyzers: prevent Skopeo analyzer from failing on index image inspection and formalize commit message guidelines.

📚 Documentation

Add a comprehensive architectural overview, update documentation structure, and refine the GitLab CI template.
Add documentation for the default playbook, detailing its rules and report organization, and link it in the navigation.
Add new example report assets and update documentation pages.
commitmessages: add Google Blockly commit style guide link
Enhance GitHub Actions and GitLab CI integration guides with comprehensive examples, CI metadata, and deployment to respective pages services.
Enhance Python, CI/CD, commit message, and documentation rules with new tools, scope definitions, and process clarifications.
gitlab-workflow: add section on GitLab Review Apps for Premium/Ultimate tiers with CI/CD configuration example
rules: add commit message guidelines and refine CI/CD semantic versioning and conventional commit references.
ui: enable mermaid diagram rendering
ui: use correct mermaid extension package
ui: use correct mermaid extension package in playbook
Update TIP block formatting in playbooks and add documentation versioning and CLI control to notes.

v0.29.0 — April 22, 2026​

✨ Features​

🐛 Bug Fixes​

v0.28.6 — April 16, 2026​

🐛 Bug Fixes​

v0.28.5 — April 16, 2026​

🐛 Bug Fixes​

v0.28.4 — April 16, 2026​

🐛 Bug Fixes​

v0.28.3 — April 15, 2026​

🐛 Bug Fixes​

v0.28.3 — April 15, 2026​

🐛 Bug Fixes​

v0.28.2 — April 10, 2026​

🐛 Bug Fixes​

v0.28.1 — April 10, 2026​

🐛 Bug Fixes​

v0.28.1 — April 10, 2026​

🐛 Bug Fixes​

v0.28.0 — April 10, 2026​

✨ Features​

🐛 Bug Fixes​

v0.27.0 — April 9, 2026​

✨ Features​

v0.26.2 — April 2, 2026​

🐛 Bug Fixes​

v0.27.0 — March 31, 2026​

✨ Features​

🐛 Bug Fixes​

🔧 Reverts​

v0.26.2 — March 31, 2026​

🐛 Bug Fixes​

v0.26.1 — March 31, 2026​

🐛 Bug Fixes​

v0.26.0 — March 31, 2026​

✨ Features​

🐛 Bug Fixes​

🔧 Reverts​

v0.25.15 — March 31, 2026​

📚 Documentation​

v0.25.14 — March 31, 2026​

📚 Documentation​

v0.25.13 — March 31, 2026​

📚 Documentation​

v0.25.12 — March 31, 2026​

📚 Documentation​

v0.25.11 — March 31, 2026​

📚 Documentation​

v0.25.10 — March 31, 2026​

📚 Documentation​

v0.25.9 — March 31, 2026​

📚 Documentation​

v0.25.8 — March 31, 2026​

📚 Documentation​

v0.25.7 — March 31, 2026​

📚 Documentation​

v0.25.6 — March 31, 2026​

📚 Documentation​

v0.25.5 — March 31, 2026​

📚 Documentation​

v0.25.4 — March 31, 2026​

📚 Documentation​

v0.25.3 — March 31, 2026​

📚 Documentation​

v0.25.2 — March 31, 2026​

📚 Documentation​

v0.25.1 — March 31, 2026​

📚 Documentation​

v0.25.0 — March 31, 2026​

✨ Features​

📚 Documentation​

v0.24.0 — March 30, 2026​

✨ Features​

📚 Documentation​

v0.23.7 — March 30, 2026​

🐛 Bug Fixes​

📚 Documentation​

v0.23.6 — March 30, 2026​

📚 Documentation​

v0.23.5 — March 30, 2026​

v0.29.0 — April 22, 2026

✨ Features

🐛 Bug Fixes

v0.28.6 — April 16, 2026

🐛 Bug Fixes

v0.28.5 — April 16, 2026

🐛 Bug Fixes

v0.28.4 — April 16, 2026

🐛 Bug Fixes

v0.28.3 — April 15, 2026

🐛 Bug Fixes

v0.28.3 — April 15, 2026

🐛 Bug Fixes

v0.28.2 — April 10, 2026

🐛 Bug Fixes

v0.28.1 — April 10, 2026

🐛 Bug Fixes

v0.28.1 — April 10, 2026

🐛 Bug Fixes

v0.28.0 — April 10, 2026

✨ Features

🐛 Bug Fixes

v0.27.0 — April 9, 2026

✨ Features

v0.26.2 — April 2, 2026

🐛 Bug Fixes

v0.27.0 — March 31, 2026

✨ Features

🐛 Bug Fixes

🔧 Reverts

v0.26.2 — March 31, 2026

🐛 Bug Fixes

v0.26.1 — March 31, 2026

🐛 Bug Fixes

v0.26.0 — March 31, 2026

✨ Features

🐛 Bug Fixes

🔧 Reverts

v0.25.15 — March 31, 2026

📚 Documentation

v0.25.14 — March 31, 2026

📚 Documentation

v0.25.13 — March 31, 2026

📚 Documentation

v0.25.12 — March 31, 2026

📚 Documentation

v0.25.11 — March 31, 2026

📚 Documentation

v0.25.10 — March 31, 2026

📚 Documentation

v0.25.9 — March 31, 2026

📚 Documentation

v0.25.8 — March 31, 2026

📚 Documentation

v0.25.7 — March 31, 2026

📚 Documentation

v0.25.6 — March 31, 2026

📚 Documentation

v0.25.5 — March 31, 2026

📚 Documentation

v0.25.4 — March 31, 2026

📚 Documentation

v0.25.3 — March 31, 2026

📚 Documentation

v0.25.2 — March 31, 2026

📚 Documentation

v0.25.1 — March 31, 2026

📚 Documentation

v0.25.0 — March 31, 2026

✨ Features

📚 Documentation

v0.24.0 — March 30, 2026

✨ Features

📚 Documentation

v0.23.7 — March 30, 2026

🐛 Bug Fixes

📚 Documentation

v0.23.6 — March 30, 2026

📚 Documentation

v0.23.5 — March 30, 2026