v0.1.37
DMG SHA256:257c848ce37592699399c726ecc78955d8d9adcfb9e1c8f8c695c01b7f56243b
Suppressions honoured on taint flows, broader framework coverage, fewer JS false positives
- batou:ignore comments now correctly suppress findings on raw taint flows. Previously, taint-based findings could keep reappearing in the dashboard even after you’d added a suppress directive — the ignore comment was applied to the regex detector but not to the taint analyzer.
- Reduced JavaScript false positives — the SQL-injection detector no longer flags Array.find/filter/forEach calls that take a callback (they’re not database queries), and the SSRF detector now distinguishes the global fetch() from .fetch() methods on ORMs and other objects.
- Major taint-tracking expansion across 16 languages: sanitizers added for C, C#, C++, Go, Groovy, Java, JavaScript, Kotlin, Lua, Perl, Python, Rust — these let Batou recognise validated input and cut false positives across log injection, trust-boundary, eval, deserialization, SSRF, LDAP, XPath, crypto-timing, path-traversal, and XSS detection.
- New sources for HTTP frameworks and messaging systems — Gin/Echo/Fiber and net/http (Go), OkHttp/Ktor and NIO Files (Kotlin), PSR-7/Redis/Memcached/AMQP/Kafka/YAML (PHP), stdin/env/httpz/zap (Zig), WebSocket/Redis/CloudKit (Swift), Firebase/Redis (Kotlin), Azure/RabbitMQ/Kafka/AWS SQS (C#), HTTP clients and ORMs (Java, Ruby, Rust) — second-order injection paths through these systems are now tracked.
- New sinks for LDAP injection (Java JNDI/Spring LDAP/UnboundID, Lua, Perl), weak crypto (C++ RC4/ECB/Blowfish, Perl), command injection (Lua FFI/POSIX/Penlight/luv), XSS and template injection (Ruby), embedded VM/eval (Go), trust-boundary and redirect/header injection (Go, Perl), and deserialization (C JSON/XML/msgpack).
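The callback and global-fetch distinctions in the JavaScript false-positive fix above, as an added illustration that is not Batou's own code: a small Python heuristic over constructed JavaScript lines showing why an Array.find/filter/forEach call whose argument is a callback is not a query sink, and why a bare fetch( has to be separated from .fetch( on an object before it is treated as an SSRF sink. The regexes, the sample lines, the labels and the simplistic source/sink rules are all assumptions made for this example.

```python
import re

# Constructed JavaScript lines standing in for code an agent might write
# (not taken from the page or from Batou).
SAMPLE_LINES = [
    'db.query("SELECT * FROM users WHERE id = " + req.params.id);',  # real sink
    'const u = users.find(x => x.id === req.params.id);',           # Array.find
    'rows.filter(function (r) { return r.active; });',              # Array.filter
    'items.forEach((i) => console.log(i));',                        # Array.forEach
    'const r = await fetch(req.query.url);',                        # global fetch
    'const rec = await prisma.user.fetch({ where: { id } });',      # ORM method
]

# .find/.filter/.forEach whose first argument is a callback literal are
# array iteration, not a query builder, so they are skipped outright.
ARRAY_CALLBACK = re.compile(
    r"\.(find|filter|forEach)\s*\(\s*(?:\(|function\b|[A-Za-z_$][\w$]*\s*=>)"
)
# A global fetch( call: 'fetch' not preceded by '.', so obj.fetch( is excluded.
GLOBAL_FETCH = re.compile(r"(?<![\w$.])fetch\s*\(")
# Crude SQL sink heuristic: a .query( call whose argument is built with '+'.
QUERY_CONCAT = re.compile(r"\.query\s*\([^;]*\+")
# Crude source heuristic: request data present on the line.
USER_INPUT = re.compile(r"\breq\.(params|query|body)\b")


def classify(line):
    """Return finding labels for one line under this toy heuristic."""
    if ARRAY_CALLBACK.search(line):
        return []  # iteration over an in-memory array, never a DB query
    findings = []
    if QUERY_CONCAT.search(line) and USER_INPUT.search(line):
        findings.append("sqli")
    if GLOBAL_FETCH.search(line) and USER_INPUT.search(line):
        findings.append("ssrf")
    # obj.fetch(...) never matches GLOBAL_FETCH, so ORM-style .fetch() stays silent
    return findings


def scan(lines):
    """Map 1-based line numbers to their findings, omitting clean lines."""
    return {i: f for i, line in enumerate(lines, 1) if (f := classify(line))}


if __name__ == "__main__":
    for lineno, labels in scan(SAMPLE_LINES).items():
        print(f"line {lineno}: {', '.join(labels)}")
```

Running it reports only line 1 (sqli) and line 5 (ssrf); the three array calls and the ORM .fetch() produce nothing, which is the behaviour the release note describes.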
v0.1.36
DMG SHA256:53356039255eece7533036b67e5cc5b1db773de998679b0e4923941b5cbefce5
Agent trap detection, tool output scanning, and quieter secret detection
- 16 new detection rules (INJ-21..36) for AI agent trap patterns — content injection, behavioural control, cognitive-state manipulation, and human-in-the-loop attacks. Based on the Franklin et al. (2026) taxonomy.
- Prompt injection, secret detection, and agent trap rules now scan the content returned by Bash, WebFetch, and WebSearch. Previously, tool output was bypassing content scanning and leaving the primary prompt-injection attack surface uncovered.
- Quieter secret scanning — the entropy detector no longer flags file paths, import paths, or dotted identifier chains on shell command output as secrets. Pattern-based detection for AWS keys, Stripe, GitHub PATs, private keys, and other high-confidence formats remains fully active.
- Expanded Batou SAST taint tracking across C, C++, C#, Go, Java, JavaScript, Kotlin, Python, and Zig — new file-read, SSRF, deserialisation, and framework-specific sources and sinks catch path traversal and injection bugs that previously went undetected.
- Batou dashboard now stays in sync with what the agent sees — low-confidence findings no longer appear as “Top Active Risks” when the agent has been told the code is clean.
- New turen-watchdog checkin subcommand triggers the running daemon to immediately sync policy, org config, and update availability with the API instead of waiting for the next 5-minute interval. Supports --json for scripting.
- Fixed a beta-channel version comparison bug that could cause agents on beta.10 or higher to silently downgrade to beta.2, and improved macOS installer error reporting when registration-key validation fails.
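An added example, not Batou's implementation, of the kind of entropy detector the "quieter secret scanning" item describes: Shannon entropy over whitespace-separated tokens, with file paths, import paths and dotted identifier chains excluded, while pattern-based rules for AWS access key ids and GitHub PATs fire regardless of entropy. The tokens, the 3.5-bit threshold, the 20-character minimum and the pattern set are constructed assumptions; the AWS key id is the example value AWS publishes in its own documentation.

```python
import math
import re

# Constructed tokens as they might appear in shell command output
# (not from the page or from Batou). The AWS key id is the example value
# AWS publishes in its documentation; the GitHub PAT shape is constructed.
SAMPLE_TOKENS = [
    "/Users/dev/Library/Preferences/turen/config.json",  # file path
    "github.com/example-org/svc/internal/auth",          # import path
    "com.example.internal.billing.InvoiceService",       # dotted identifier chain
    "AKIAIOSFODNN7EXAMPLE",                              # AWS access key id (doc example)
    "ghp_" + "a" * 36,                                   # GitHub PAT shape, constructed
    "q8Zk3vL9pR2mT7nW5yB1cF4hJ6dG0sA2eU8iO3pK",          # random-looking credential
]

# High-confidence formats: reported regardless of entropy.
HIGH_CONFIDENCE = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github-pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private-key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

IDENT = r"[A-Za-z_$][\w$]*"
DOTTED_CHAIN = re.compile(rf"^{IDENT}(?:\.{IDENT})+$")      # a.b.c identifiers
PATH_LIKE = re.compile(r"^(?:[A-Za-z]:\\|\\\\|[~./])|/")    # file and import paths

MIN_LEN = 20      # constructed: shorter tokens rarely carry a usable secret
THRESHOLD = 3.5   # constructed: bits per character treated as "random-looking"


def shannon_entropy(s):
    """Bits per character of the token's empirical character distribution."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_like_code_reference(token):
    """True for file paths, import paths and dotted identifier chains."""
    return bool(PATH_LIKE.search(token) or DOTTED_CHAIN.match(token))


def classify_token(token, exclude_code_refs=True):
    """Return a label for a token, or None if it should not be reported."""
    for name, pattern in HIGH_CONFIDENCE.items():
        if pattern.search(token):
            return name
    if len(token) < MIN_LEN:
        return None
    if exclude_code_refs and looks_like_code_reference(token):
        return None  # the exclusion the release note introduces
    if shannon_entropy(token) >= THRESHOLD:
        return "high-entropy"
    return None


def scan_tokens(tokens, exclude_code_refs=True):
    """Return (token, label) pairs for every token worth reporting."""
    out = []
    for token in tokens:
        label = classify_token(token, exclude_code_refs)
        if label:
            out.append((token, label))
    return out


if __name__ == "__main__":
    for token, label in scan_tokens(SAMPLE_TOKENS):
        print(f"{label:18} {token}")
```

The dotted identifier chain is the interesting case: its entropy is about 3.9 bits per character, above the threshold, so without the code-reference exclusion it would be reported as a secret; with the exclusion only the two pattern matches and the random-looking token remain.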
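The beta.10 versus beta.2 downgrade is the classic symptom of comparing pre-release tags as strings. The following added example (not the Turen agent's code) assumes tags of the form 0.1.37-beta.10, shows the naive string comparison ordering beta.10 below beta.2, and places a numeric comparison beside it that orders them correctly and never offers a downgrade.

```python
import re

# Assumed tag shape: MAJOR.MINOR.PATCH with an optional -<channel>.<N> suffix,
# e.g. "0.1.37-beta.10". This mirrors the beta.N naming in the note above;
# it is not a format confirmed for the Turen agent.
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-([A-Za-z]+)\.(\d+))?$")


def parse_version(tag):
    """Turn a version tag into a tuple that sorts correctly."""
    m = VERSION_RE.match(tag)
    if not m:
        raise ValueError(f"unrecognised version tag: {tag!r}")
    major, minor, patch, channel, n = m.groups()
    core = (int(major), int(minor), int(patch))
    if channel is None:
        # A final release outranks every pre-release with the same core.
        return core + (1, "", 0)
    # The pre-release number is compared as an integer, so 10 > 2.
    return core + (0, channel, int(n))


def compare_versions(a, b):
    """-1, 0 or 1 as a is older than, equal to or newer than b."""
    pa, pb = parse_version(a), parse_version(b)
    return (pa > pb) - (pa < pb)


def naive_compare(a, b):
    """The failure mode: plain string comparison of the whole tag."""
    return (a > b) - (a < b)


def should_update(installed, available):
    """True only when the available build is strictly newer than installed."""
    return compare_versions(available, installed) > 0


if __name__ == "__main__":
    print("string order:", naive_compare("0.1.37-beta.10", "0.1.37-beta.2"))     # -1
    print("numeric order:", compare_versions("0.1.37-beta.10", "0.1.37-beta.2"))  # 1
    print("downgrade offered?", should_update("0.1.37-beta.10", "0.1.37-beta.2"))  # False
```

In the string comparison the tags agree up to "beta." and then '1' sorts before '2', so beta.10 looks older than beta.2; the tuple comparison fixes this. Channel names here happen to sort alphabetically (alpha before beta), which is a simplification; a production implementation should rank channels explicitly rather than rely on that.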
v0.1.35
DMG SHA256:2e4708f7a59bd8192a0ac961a24fb3c79042c002ea038739e91d04935b2baf29
Suppress directives no longer blocked by existing findings
- Fixed a deadlock where pre-existing blocking findings prevented agents from adding batou:ignore comments to the same file. Edits that only add suppress directives now go through, so agents can resolve blocked findings without manual intervention.
v0.1.34
DMG SHA256:6980874224641dcea0996b3cf05f5f0ec9db024cc7bcc4eead11faed4cca2c7b
Batou scanning outside git repos
- Batou now works correctly when scanning files outside a git repository. Previously, findings and suppression data could be written to unexpected locations — they’re now stored alongside the scanned file.
- Fixed a bug where batou:ignore comments with preprocessor directives (e.g., in JSX or templated files) could fail to match the correct line, causing valid suppressions to be ignored.
v0.1.33
DMG SHA256:30385bd917c7ab8216d0201ae8bdaf9d6e88acb688507a1d9a846473e67e3f41
Smarter suppression handling and ORM taint tracking
- The agent now prefers fixing a finding over suppressing it. When a batou:ignore comment is added, the agent will suggest a code fix first and only suppress if you confirm.
- Category-based suppression (batou:ignore injection, batou:ignore xss) now works reliably across all 45 rule categories.
- Batou’s taint analysis now tracks data flow through 12 popular ORMs (Sequelize, Prisma, SQLAlchemy, GORM, and others), catching SQL injection and query-building vulnerabilities that previously went undetected.
- Suppressed findings no longer reappear as new issues in the dashboard — their lifecycle status is now tracked correctly through rescans.
- Improved risk scoring — blocking decisions now use a single risk score combining severity and detection confidence, reducing noise from low-confidence findings.
v0.1.32
DMG SHA256:6c45cab6cec226041f9c55d80691c34fda8e8b87d8209e0288d63bbbc2b534f8
Improved Batou communication and rule adherence
- Batou SAST findings now reliably appear in the AI agent’s context during coding sessions. Previously, some findings could be silently dropped before reaching the agent — this is now fixed.
- The agent automatically provides Claude with clear instructions on how to handle Batou findings (fix the issue or ask the user before suppressing), improving compliance with your org’s security policies.
- Startup recovery — if a previous update failed mid-apply, the agent now detects the incomplete state on next launch and automatically restores from the last known-good version.
v0.1.31
DMG SHA256:fbdbef9c894e005f77447812a55ec0f83b27ca5a23c8dd3fa3141b419691f8d4
Auto-updates with rollback
- The Turen agent now updates itself automatically. When a new version is available, the agent downloads, verifies, and applies the update — no manual reinstall required.
- If an update fails or the new version doesn’t start correctly, the agent automatically rolls back to the previous working version.
- Admins can control update behavior from the dashboard — choose a release channel (production, beta, or alpha), set a version offset to stay behind the latest release, or pin to a specific version. See Update Channel Settings.
v0.1.30
DMG SHA256:4b8155bff2ed3f241c6bb71261dccc84325c0717c8016b81b3cb5ef2c437eb8d
SAST suppression fix
- Fixed a bug where findings marked as Fixed or Suppressed via batou:ignore comments could still incorrectly trigger a block. Suppressed and fixed findings are now correctly skipped during blocking decisions.
v0.1.29
DMG SHA256:07d17690eb050f97da47bb98b8311c6b96aed4e4743d30dc2cd73ae8dc5f241e
SAST finding lifecycle tracking
- Batou SAST findings now track their full lifecycle — Active, Fixed, Suppressed, and Blocked statuses are reported to the dashboard, so you can see how findings are resolved over time.
- Fixed and suppressed findings are now visible in the dashboard’s Issue Resolution view.
v0.1.28
DMG SHA256:5e2cc5f6ab5566e0560ee56c9740509aac08844a56aa742e037aa1035a989d3e
SAST reliability improvements
- Improved accuracy of finding lifecycle status (Active, Fixed, Suppressed) so the dashboard correctly reflects the current state of each finding.
- Reduced false positives in scan results.
v0.1.27
DMG SHA256:1acec9879ab06423f4cdcae263d862b3fa7a2059d466987b57c798461df145de
SAST finding resolution tracking
- Batou SAST findings now carry lifecycle metadata (Active, Fixed, Suppressed), enabling the dashboard to show which findings have been addressed and which are still open.
v0.1.26
DMG SHA256:da7e7d33cfe556ac092309c4824d006383b9d2193d2cc6193141b5d3c5e99e72
Malware detection
- turen-pkg now detects packages with known malware advisories (MAL-*) and automatically blocks them at CRITICAL severity. Malware status is visible in the dashboard and package evaluation output.
v0.1.25
DMG SHA256:29ec862963483ff9720cf60aabba5fe319fcc41a96b2b269f01d0a11bb95b386
PostToolUse hooks and timeout increase
- Batou SAST now runs on both PreToolUse (can block writes) and PostToolUse (provides hints after execution), giving broader coverage for real-time code scanning.
- Hook timeout increased from 10s to 30s to match the open-source Batou engine and prevent premature timeouts on larger scans.
- Uninstaller now cleans up hooks from all Claude Code event types (PreToolUse, PostToolUse, UserPromptSubmit) and removes the managed CLAUDE.md section.
v0.1.24
DMG SHA256:0f92f1b9f19b22e180afd6e9bdaa761f5236378ebc9f155e984c37a6b502a21f
Batou SAST integration
- The Turen agent now includes Batou, a real-time static analysis engine that scans code as it’s written by AI coding agents.
- Findings are evaluated against org-configured thresholds (severity, confidence) and can block or warn inline.
- Individual rules can be disabled per-org from the dashboard.
- Scan results and findings are reported to the Turen platform for dashboard visibility.
v0.1.22
DMG SHA256:3b13dab4ca2e0a97103b3ac9319031eca16238d9616a53a80cf273bd9a9e263b
Watchdog diagnose command and session resync
- New turen-watchdog diagnose command runs 14 self-checks covering the full operational stack (LaunchDaemon, IPC, registration, API, proxy, Claude Code) and prints actionable recommendations for failures.
- Session resync — if the platform detects missing sessions, the agent will re-scan and re-upload them on the next checkin.
v0.1.21
DMG SHA256:c7d3a76398fecddf2e423b12c39ca5ade78276e51e6a7420f9b0589484f0ac2d
Installer improvements
- Installer now restricts to system-wide (LaunchDaemon) installation only, preventing permission issues with per-user LaunchAgent installs.
v0.1.20
DMG SHA256:955b883b157c9729c2c6519cf3c0d85a711b973263b1d4a691927aafac70ccac
Uninstall app bundle for notarization
- Wrapped Uninstall.command in a proper .app bundle so macOS Gatekeeper no longer blocks the uninstaller after notarization.
- Uninstall script now cleans up hooks from all Claude Code event types (PreToolUse, UserPromptSubmit), not just PreToolUse.
v0.1.18
DMG SHA256:a337bb692bb46ea1f438b6041f73762d9db9cfbcf910826ba1ee28454a69de87
Uninstaller and allowlist improvements
- Fixed uninstaller to properly clean up the root LaunchDaemon, IPC socket, and Claude Code managed settings.
- Allowlisted packages now correctly bypass all downstream policy checks — previously a block or review from a later check could override the allowlist.
- Removed leftover classifier integration code from the rules engine and telemetry.
v0.1.17
DMG SHA256:f2e8cffd34e989f8fc32e74fff8283638c7b281e98127cb4cef76374d93f8580
Smarter remediation hints
- Block and review messages now include targeted remediation guidance based on the specific policy violation — scorecard, vulnerabilities, license, blocklist, provenance, new package, or missing signals.
- Hints include actionable next steps like adding to the allowlist or using TUREN_ALLOW_REVIEW=1 to override review decisions.
v0.1.16
DMG SHA256:fe3bb90d518e0a02023cc3bf3e29e7879be614f1d7c9f05182a174bb973774c2
Watchdog reliability and richer event data
- Fixed proxy health recovery so crashed proxies are automatically restarted instead of leaving the agent in a broken state.
- Stuck proxy processes are now detected and killed on startup.
- Bulk installs now emit per-package events with full signal metadata (scorecard, vulnerabilities, licenses), making each blocked or reviewed package individually visible in the dashboard.
- Seamless upgrades — the installer now skips the registration dialog when the agent is already registered.
v0.1.15
DMG SHA256:ba547207d66a266c95ffebadaab1914aeb9b98613f0af1354c1a13905576c7bd
Pre-install auditing for bulk installs
- Running npm install (or pip install -r requirements.txt, etc.) now audits all direct dependencies before the install runs, matching the behavior of explicit installs. Previously, packages were installed first and audited after.
- Removed the experimental classifier feature. Package security decisions are now fully handled by the policy engine and rules.