v0.2.0
| Asset | SHA256 |
|---|---|
| macOS DMG | 3810e29d7b030ecd7d95fbacc549c14b1538e028408a0ad8a5f5975911016331 |
| Linux .deb (amd64) | c4172e66ba8ea25bccaecece5d787e4eddf38cce90446ec6391709cfe195c70b |
| Linux .deb (arm64) | 2badd9145709d97d9273ca0cac4f0929a5daf7438a6dc0666ae29d27ef04f9de |
| Linux .rpm (x86_64) | 91ade8f478c642201e25e3d47cbd3d0e2d4a728b8149a109dddb06ccf34543f4 |
| Linux .rpm (aarch64) | 310d08d4faa6e9ecad37067808c64af1823aaf0f1cb48d7ee0b770e707110b37 |
| Windows MSI (amd64) | f2542d5e88b361fb37877d6edd0cca2d9e5dbce45ebef006b3057e84b2f0a127 |
| Windows MSI (arm64) | fe2e41eb83a865bb982c4f1623ee255795f3a1e039aa970241f24b6b2ccab4d4 |
- Turen now runs on Windows 11 on both amd64 and arm64. Authenticode-signed `.msi` installers are available from the Downloads section of the dashboard. See the new Windows installation guide for details.
- The installer registers `turen-watchdog` as a Windows Service that starts on boot, drops binaries into `%ProgramFiles%\Turen`, and configures Claude Code automatically: same one-shot install experience as macOS and Linux.
- Claude Code hooks fire on both Bash and PowerShell on Windows, so package-install policy and Batou findings work the same way regardless of which shell Claude Code chooses.
- Auto-updates work in place on Windows: the agent updates itself, verifies the new build’s signature, and rolls back if the new version fails to start.
v0.1.45
| Asset | SHA256 |
|---|---|
| macOS DMG | 5b61ec5f78df4c43fc14c7d775474c7fd26eb70e3c0cd2de703f6c2360b80f4a |
| Linux .deb (amd64) | 8f7f4a48aa46f0b67d8e1e207e510ec9a44e739aa2a0883e21ae0e9ce70137d5 |
| Linux .deb (arm64) | 3250a00ba73fd418924ef5e2263db151b2187737106fb5f108d94bf5b763b227 |
| Linux .rpm (x86_64) | 2cedc4197642030c2c330cff7870b4d2c4e7c8248da07e6264f581f5e5ae9715 |
| Linux .rpm (aarch64) | 99cf0707f21e166a7b39c4b4bad36dafc825a85261c9a685a5015a5a51e43266 |
- AI coding agents can now resolve Batou false positives inline without pausing to ask first, as long as they document their reasoning in a `batou:ignore <RULE> -- reason` comment. Bare directives with no reason still flag `BATOU-SUPPRESS-REVIEW` for human review, so accountability lives in the comment that stays in the file forever. Removes a multi-round-trip loop where agents were stalling on findings they had already correctly judged.
- Fewer false positives from Batou’s suppression and CLI-tool handling: `batou:ignore` comments above multi-line Python sinks (e.g. paren-wrapped argument lists) now match the correct line, trailing inline directives no longer extend suppression to an unrelated next line, and Python CLI scripts (`argparse`/`sys.argv` flowing into `pathlib.read_text`) are downgraded from blocking to hint-level since the path is the tool’s interface.
- Two Go AST-rule false positives fixed: AST-004 no longer matches non-crypto helper names on a substring of “crypt”, and AST-008 now recognises `WaitGroup`-bounded goroutines as safely coordinated instead of flagging them as leaks.
- Batou taint-tracking expansion across 13 languages: new sinks for SQL injection (Python `asyncpg`/`aiosqlite`/`databases`/DuckDB/Polars, Swift `SQLite.swift`, Ruby `PG`/`Mysql2`), NoSQL (C `libmongoc`/`libbson`), CQL (Go `gocql`, Kotlin DataStax Cassandra/ScyllaDB), server-side template injection (Groovy across Velocity/FreeMarker/Thymeleaf/Pebble/Handlebars), SSH command exec and SCP path traversal (C++ `libssh2`/`libssh`), Redis script injection (C# StackExchange.Redis), Zip Slip / Tar Slip archive extraction (JavaScript), Neovim plugin command and eval (Lua), absolute-path and env-manipulation sinks (Zig `std.fs`), and weak-crypto sinks (Perl MD2/MD4/Blowfish/IDEA/RC2/CAST5, Swift CryptoSwift and CommonCrypto).
- New sources: HTTP-client SSRF (Java JAX-RS/Retrofit/RestTemplate), GraphQL resolver contexts (Java `DataFetchingEnvironment`, Rust `async-graphql`/`juniper`), WordPress `wpdb` read helpers, `wp_mail`, and template loaders plus 8 new WordPress sanitisers (PHP), 7 new servlet/Spring MVC CWE-501 trust-boundary sinks (Java), and task-queue producer trust-boundary flows (Python).
- Hardened the Linux install flow after an internal security review: registration keys are no longer passed on the command line (where any local process could read `/proc/<pid>/cmdline` during the brief install window), install-time state moved off `/tmp` onto a root-owned tmpfs directory to close symlink races, and privileged directory creation now uses `install -d` instead of `mkdir + chown + chmod` so it doesn’t follow symlinks.
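
An added sketch of the install-flow hardening in the last bullet above, not Turen's installer code: it contrasts a key passed in argv with one fed on stdin, and `mkdir` + `chmod` on a predictable shared path with `install -d` under a private parent. The `installer` name, `--key` flag, `state` directory and sample key are hypothetical, and the `mktemp -d` parent stands in for the root-owned tmpfs directory.

```sh
#!/bin/sh
# Added illustration; all paths and the key are constructed, and everything
# runs unprivileged inside a throwaway sandbox.
KEY='constructed-registration-key'   # constructed sample, not a real key

# argv of a hypothetical installer as any local process could read it from
# /proc/<pid>/cmdline. The trailing ":" keeps the shell alive instead of
# letting it replace itself with tr.
cmdline_key_in_argv() {
  sh -c 'tr "\0" " " < /proc/$$/cmdline; :' installer --key "$KEY"
}
cmdline_key_on_stdin() {
  printf '%s\n' "$KEY" |
    sh -c 'read -r key; tr "\0" " " < /proc/$$/cmdline; :' installer
}

mode_of() { ls -ld "$1" | cut -c1-10; }

# Weak: predictable path in a shared directory, mode applied in a second
# step. mkdir -p accepts a pre-planted symlink and chmod follows it.
make_state_dir_weak() {
  mkdir -p "$1" && chmod 0700 "$1"
}

# Hardened: a fresh parent only the installer can write (stand-in for the
# root-owned tmpfs directory), then a single install -d that sets the mode.
make_state_dir_hardened() {
  parent=$(mktemp -d "$1/inst.XXXXXX") || return 1
  install -d -m 0700 "$parent/state" || return 1
  [ -d "$parent/state" ] && [ ! -L "$parent/state" ] || return 1
  printf '%s\n' "$parent/state"
}

# Builds the sandbox, plants a symlink where the weak path will be created,
# and reports the victim directory's mode after each variant.
symlink_demo() {
  sandbox=$(mktemp -d) || return 1
  mkdir -m 0755 "$sandbox/victim" "$sandbox/shared" || return 1
  ln -s "$sandbox/victim" "$sandbox/shared/state"
  make_state_dir_weak "$sandbox/shared/state"
  after_weak=$(mode_of "$sandbox/victim")
  chmod 0755 "$sandbox/victim"
  state=$(make_state_dir_hardened "$sandbox/shared") || return 1
  printf 'weak=%s hardened=%s state=%s\n' \
    "$after_weak" "$(mode_of "$sandbox/victim")" "$(mode_of "$state")"
  rm -rf "$sandbox"
}

symlink_demo
```
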
v0.1.44
| Asset | SHA256 |
|---|---|
| macOS DMG | e1fbb3ede5ed27faf1afcfeeb510608e8798f34381202931081d97c7f1424edc |
| Linux .deb (amd64) | be8abe7993bbce1a9b994876295810cb50f7385661d7a30981e9af09a43136b9 |
| Linux .deb (arm64) | c049e6d3feff7fb3645bd7bb9b511bc260064a7ec3b8a4d6524b2ef6854be813 |
| Linux .rpm (x86_64) | f15cfe1c8f2e760ba2e527e1731f92fb70671e5e221770523928d1baa5a29f44 |
| Linux .rpm (aarch64) | c4d1e8cee0efdeadfc53234b8cf839f797a8be60dcd3241ab286c31c43c7c588 |
- Turen now runs on Linux. `.deb` packages for Ubuntu/Debian and `.rpm` packages for RHEL/CentOS/Fedora are available from the Downloads section of the dashboard, on both x86_64 and arm64. See the new Linux installation guide for details.
- New one-line installer for Linux (and headless macOS) at `https://downloads.turen.io/install.sh`: downloads the right tarball for your architecture, verifies the checksum, drops binaries into `/usr/local/bin`, and wires up systemd (or launchd on macOS) so the agent starts on boot.
- Auto-updates are fully supported on Linux. The agent updates itself in place without a package-manager reinstall and rolls back to the previous version if the new release fails to start, matching the existing macOS behaviour.
v0.1.38
DMG SHA256:d3d314bd720bf59d98c6db963893d02facb86978ecaa0d637246d441a56b4377
Cleaner installs and uninstalls
- Reinstalls and uninstalls now fully clean up the `turen-batou` binary and any running batou processes. Previously, the macOS uninstaller could leave the batou binary on disk, and reinstalling over a running agent could leave a stale batou process active until the next restart.
v0.1.37
DMG SHA256:257c848ce37592699399c726ecc78955d8d9adcfb9e1c8f8c695c01b7f56243b
Suppressions honoured on taint flows, broader framework coverage, fewer JS false positives
- `batou:ignore` comments now correctly suppress findings on raw taint flows. Previously, taint-based findings could keep reappearing in the dashboard even after you’d added a suppress directive: the ignore comment was applied to the regex detector but not to the taint analyzer.
- Reduced JavaScript false positives: the SQL-injection detector no longer flags `Array.find`/`filter`/`forEach` calls that take a callback (they’re not database queries), and the SSRF detector now distinguishes the global `fetch()` from `.fetch()` methods on ORMs and other objects.
- Major taint-tracking expansion across 16 languages: sanitizers added for C, C#, C++, Go, Groovy, Java, JavaScript, Kotlin, Lua, Perl, Python, Rust. These let Batou recognise validated input and cut false positives across log injection, trust-boundary, eval, deserialization, SSRF, LDAP, XPath, crypto-timing, path-traversal, and XSS detection.
- New sources for HTTP frameworks and messaging systems: Gin/Echo/Fiber and net/http (Go), OkHttp/Ktor and NIO Files (Kotlin), PSR-7/Redis/Memcached/AMQP/Kafka/YAML (PHP), stdin/env/httpz/zap (Zig), WebSocket/Redis/CloudKit (Swift), Firebase/Redis (Kotlin), Azure/RabbitMQ/Kafka/AWS SQS (C#), HTTP clients and ORMs (Java, Ruby, Rust). Second-order injection paths through these systems are now tracked.
- New sinks for LDAP injection (Java JNDI/Spring LDAP/UnboundID, Lua, Perl), weak crypto (C++ RC4/ECB/Blowfish, Perl), command injection (Lua FFI/POSIX/Penlight/luv), XSS and template injection (Ruby), embedded VM/eval (Go), trust-boundary and redirect/header injection (Go, Perl), and deserialization (C JSON/XML/msgpack).
v0.1.36
DMG SHA256:53356039255eece7533036b67e5cc5b1db773de998679b0e4923941b5cbefce5
Agent trap detection, tool output scanning, and quieter secret detection
- 16 new detection rules (INJ-21..36) for AI agent trap patterns: content injection, behavioural control, cognitive-state manipulation, and human-in-the-loop attacks. Based on the Franklin et al. (2026) taxonomy.
- Prompt injection, secret detection, and agent trap rules now scan the content returned by `Bash`, `WebFetch`, and `WebSearch`. Previously, tool output was bypassing content scanning and leaving the primary prompt-injection attack surface uncovered.
- Quieter secret scanning: the entropy detector no longer flags file paths, import paths, or dotted identifier chains on shell command output as secrets. Pattern-based detection for AWS keys, Stripe, GitHub PATs, private keys, and other high-confidence formats remains fully active.
- Expanded Batou SAST taint tracking across C, C++, C#, Go, Java, JavaScript, Kotlin, Python, and Zig: new file-read, SSRF, deserialisation, and framework-specific sources and sinks catch path traversal and injection bugs that previously went undetected.
- Batou dashboard now stays in sync with what the agent sees: low-confidence findings no longer appear as “Top Active Risks” when the agent has been told the code is clean.
- New `turen-watchdog checkin` subcommand triggers the running daemon to immediately sync policy, org config, and update availability with the API instead of waiting for the next 5-minute interval. Supports `--json` for scripting.
- Fixed a beta-channel version comparison bug that could cause agents on `beta.10` or higher to silently downgrade to `beta.2`, and improved macOS installer error reporting when registration-key validation fails.
v0.1.35
DMG SHA256:2e4708f7a59bd8192a0ac961a24fb3c79042c002ea038739e91d04935b2baf29
Suppress directives no longer blocked by existing findings
- Fixed a deadlock where pre-existing blocking findings prevented agents from adding `batou:ignore` comments to the same file. Edits that only add suppress directives now go through, so agents can resolve blocked findings without manual intervention.
v0.1.34
DMG SHA256:6980874224641dcea0996b3cf05f5f0ec9db024cc7bcc4eead11faed4cca2c7b
Batou scanning outside git repos
- Batou now works correctly when scanning files outside a git repository. Previously, findings and suppression data could be written to unexpected locations: they’re now stored alongside the scanned file.
- Fixed a bug where `batou:ignore` comments with preprocessor directives (e.g., in JSX or templated files) could fail to match the correct line, causing valid suppressions to be ignored.
v0.1.33
DMG SHA256:30385bd917c7ab8216d0201ae8bdaf9d6e88acb688507a1d9a846473e67e3f41
Smarter suppression handling and ORM taint tracking
- The agent now prefers fixing a finding over suppressing it. When a `batou:ignore` comment is added, the agent will suggest a code fix first and only suppress if you confirm.
- Category-based suppression (`batou:ignore injection`, `batou:ignore xss`) now works reliably across all 45 rule categories.
- Batou’s taint analysis now tracks data flow through 12 popular ORMs (Sequelize, Prisma, SQLAlchemy, GORM, and others), catching SQL injection and query-building vulnerabilities that previously went undetected.
- Suppressed findings no longer reappear as new issues in the dashboard: their lifecycle status is now tracked correctly through rescans.
- Improved risk scoring: blocking decisions now use a single risk score combining severity and detection confidence, reducing noise from low-confidence findings.
v0.1.32
DMG SHA256:6c45cab6cec226041f9c55d80691c34fda8e8b87d8209e0288d63bbbc2b534f8
Improved Batou communication and rule adherence
- Batou SAST findings now reliably appear in the AI agent’s context during coding sessions. Previously, some findings could be silently dropped before reaching the agent: this is now fixed.
- The agent automatically provides Claude with clear instructions on how to handle Batou findings (fix the issue or ask the user before suppressing), improving compliance with your org’s security policies.
- Startup recovery: if a previous update failed mid-apply, the agent now detects the incomplete state on next launch and automatically restores from the last known-good version.
v0.1.31
DMG SHA256:fbdbef9c894e005f77447812a55ec0f83b27ca5a23c8dd3fa3141b419691f8d4
Auto-updates with rollback
- The Turen agent now updates itself automatically. When a new version is available, the agent downloads, verifies, and applies the update: no manual reinstall required.
- If an update fails or the new version doesn’t start correctly, the agent automatically rolls back to the previous working version.
- Admins can control update behavior from the dashboard: choose a release channel (production, beta, or alpha), set a version offset to stay behind the latest release, or pin to a specific version. See Update Channel Settings.
v0.1.30
DMG SHA256:4b8155bff2ed3f241c6bb71261dccc84325c0717c8016b81b3cb5ef2c437eb8d
SAST suppression fix
- Fixed a bug where findings marked as Fixed or Suppressed via `batou:ignore` comments could still incorrectly trigger a block. Suppressed and fixed findings are now correctly skipped during blocking decisions.
v0.1.29
DMG SHA256:07d17690eb050f97da47bb98b8311c6b96aed4e4743d30dc2cd73ae8dc5f241e
SAST finding lifecycle tracking
- Batou SAST findings now track their full lifecycle: Active, Fixed, Suppressed, and Blocked statuses are reported to the dashboard, so you can see how findings are resolved over time.
- Fixed and suppressed findings are now visible in the dashboard’s Issue Resolution view.
v0.1.28
DMG SHA256:5e2cc5f6ab5566e0560ee56c9740509aac08844a56aa742e037aa1035a989d3e
SAST reliability improvements
- Improved accuracy of finding lifecycle status (Active, Fixed, Suppressed) so the dashboard correctly reflects the current state of each finding.
- Reduced false positives in scan results.
v0.1.27
DMG SHA256:1acec9879ab06423f4cdcae263d862b3fa7a2059d466987b57c798461df145de
SAST finding resolution tracking
- Batou SAST findings now carry lifecycle metadata (Active, Fixed, Suppressed), enabling the dashboard to show which findings have been addressed and which are still open.
v0.1.26
DMG SHA256:da7e7d33cfe556ac092309c4824d006383b9d2193d2cc6193141b5d3c5e99e72
Malware detection
- turen-pkg now detects packages with known malware advisories (MAL-*) and automatically blocks them at CRITICAL severity. Malware status is visible in the dashboard and package evaluation output.
v0.1.25
DMG SHA256:29ec862963483ff9720cf60aabba5fe319fcc41a96b2b269f01d0a11bb95b386
PostToolUse hooks and timeout increase
- Batou SAST now runs on both PreToolUse (can block writes) and PostToolUse (provides hints after execution), giving broader coverage for real-time code scanning.
- Hook timeout increased from 10s to 30s to match the open-source Batou engine and prevent premature timeouts on larger scans.
- Uninstaller now cleans up hooks from all Claude Code event types (PreToolUse, PostToolUse, UserPromptSubmit) and removes the managed CLAUDE.md section.
v0.1.24
DMG SHA256:0f92f1b9f19b22e180afd6e9bdaa761f5236378ebc9f155e984c37a6b502a21f
Batou SAST integration
- The Turen agent now includes Batou, a real-time static analysis engine that scans code as it’s written by AI coding agents.
- Findings are evaluated against org-configured thresholds (severity, confidence) and can block or warn inline.
- Individual rules can be disabled per-org from the dashboard.
- Scan results and findings are reported to the Turen platform for dashboard visibility.
v0.1.22
DMG SHA256:3b13dab4ca2e0a97103b3ac9319031eca16238d9616a53a80cf273bd9a9e263b
Watchdog diagnose command and session resync
- New `turen-watchdog diagnose` command runs 14 self-checks covering the full operational stack (LaunchDaemon, IPC, registration, API, proxy, Claude Code) and prints actionable recommendations for failures.
- Session resync: if the platform detects missing sessions, the agent will re-scan and re-upload them on the next checkin.
v0.1.21
DMG SHA256:c7d3a76398fecddf2e423b12c39ca5ade78276e51e6a7420f9b0589484f0ac2d
Installer improvements
- Installer now restricts to system-wide (LaunchDaemon) installation only, preventing permission issues with per-user LaunchAgent installs.
v0.1.20
DMG SHA256:955b883b157c9729c2c6519cf3c0d85a711b973263b1d4a691927aafac70ccac
Uninstall app bundle for notarization
- Wrapped `Uninstall.command` in a proper `.app` bundle so macOS Gatekeeper no longer blocks the uninstaller after notarization.
- Uninstall script now cleans up hooks from all Claude Code event types (PreToolUse, UserPromptSubmit), not just PreToolUse.
v0.1.18
DMG SHA256:a337bb692bb46ea1f438b6041f73762d9db9cfbcf910826ba1ee28454a69de87
Uninstaller and allowlist improvements
- Fixed uninstaller to properly clean up the root LaunchDaemon, IPC socket, and Claude Code managed settings.
- Allowlisted packages now correctly bypass all downstream policy checks: previously a block or review from a later check could override the allowlist.
- Removed leftover classifier integration code from the rules engine and telemetry.
v0.1.17
DMG SHA256:f2e8cffd34e989f8fc32e74fff8283638c7b281e98127cb4cef76374d93f8580
Smarter remediation hints
- Block and review messages now include targeted remediation guidance based on the specific policy violation: scorecard, vulnerabilities, license, blocklist, provenance, new package, or missing signals.
- Hints include actionable next steps like adding to the allowlist or using `TUREN_ALLOW_REVIEW=1` to override review decisions.
v0.1.16
DMG SHA256:fe3bb90d518e0a02023cc3bf3e29e7879be614f1d7c9f05182a174bb973774c2
Watchdog reliability and richer event data
- Fixed proxy health recovery so crashed proxies are automatically restarted instead of leaving the agent in a broken state.
- Stuck proxy processes are now detected and killed on startup.
- Bulk installs now emit per-package events with full signal metadata (scorecard, vulnerabilities, licenses), making each blocked or reviewed package individually visible in the dashboard.
- Seamless upgrades: the installer now skips the registration dialog when the agent is already registered.
v0.1.15
DMG SHA256:ba547207d66a266c95ffebadaab1914aeb9b98613f0af1354c1a13905576c7bd
Pre-install auditing for bulk installs
- Running `npm install` (or `pip install -r requirements.txt`, etc.) now audits all direct dependencies before the install runs, matching the behavior of explicit installs. Previously, packages were installed first and audited after.
- Removed the experimental classifier feature. Package security decisions are now fully handled by the policy engine and rules.