EDITH
Changelog · updated 2026-05-23

Everything we shipped.

A running log of EDITH releases — new checks, framework support, integrations, fixes. Honest about what's broken and what's new.

v1.0.0 · 2026-05-23 · Public launch

v1.0 — Public launch

151 deterministic checks · 5 compliance frameworks · DevTools panel.

  • NEW Added v4 check pack — 76 new deterministic checks targeting AI-agent footguns (LLM cost-leaks, React 19 patterns, auth flows, file uploads, accessibility).
  • NEW Compliance now covers PCI-DSS 4.0, SOC 2 CC, GDPR, Google Play Store, Apple App Store — 62 controls, 295+ check↔control mappings.
  • NEW DevTools panel — live Network + Console capture inside Chrome DevTools, with EDITH findings annotated inline per request.
  • NEW AI-tool fingerprinting — detects Cursor, Claude Code, v0, Lovable, Bolt, Windsurf, Replit per file and runs tool-specific rules.
  • IMP Reworked the landing experience with the live-audit pipeline preview, animated coverage grid, and AI-aware orbital section.

v0.6.0 · 2026-05-19

Browser extension v0.6

  • NEW Chrome extension rebuilt with React + Vite + MagicUI. Live page audit, score pill, history drawer, account sync.
  • NEW DevTools panel registered as a peer tab next to Console / Network — full request/response capture and live PII detection.
  • IMP Cookie + header inspection now reports CSP, HSTS, SameSite, Secure, HttpOnly inline with severity.
  • FIX Patched the React 19 hydration warning caused by motion's useMotionValue in the popup hero.

v0.5.0 · 2026-05-12

Custom rules + MCP server

  • NEW edith.config.json — define project-specific checks via regex, AST predicates, or LLM-backed prompts.
  • NEW MCP server at /api/mcp — Claude Code / Cursor / Windsurf can call EDITH tools (run-scan, get-issues, get-score) over JSON-RPC.
  • IMP PR comment now collapses by severity and includes a 'Copy fix prompt' button per finding.

v0.4.0 · 2026-05-05

v3 deep checks + compliance v2

  • NEW Added 20 v3 deep checks — SSRF, prototype pollution, JWT none algorithm, ReDoS, hallucinated imports, env-var typo detection.
  • NEW Compliance mapping expanded to 51 controls across PCI-DSS, SOC 2, GDPR, Play Store, App Store.
  • IMP Compliance dashboard now shows per-framework percentages and per-control evidence.

v0.3.0 · 2026-04-22

Drift detection + activity feed

  • NEW Drift alerts — EDITH compares each new scan to the previous and flags newly-introduced issues per commit.
  • NEW Activity feed across repos with author, severity, and finding count.
  • FIX Inngest v4 — corrected trigger config (now an array inside the first arg).

v0.2.0 · 2026-04-08

Async scans + AI-pattern checker

  • NEW Scans now run via Inngest workers — webhook returns 202, scan completes in background, PR comment fires on completion.
  • NEW AI-pattern checks — silent catch blocks, stub routes, placeholder pages, FIXME/HACK comments, console.log in prod.
  • IMP ts-morph project now built in-memory; 60s p50 scan time on 400-file repos.

v0.1.0 · 2026-03-24

v0 + v1 scanner core

  • NEW v0 — 8 regex-based checks (secrets in bundles, env-var leaks, mixed content, missing security headers).
  • NEW v1 — 8 AST-based checks (process.env tracking, type-erasure, Stripe webhook signature verification, SQL injection via templates, RLS).
  • NEW GitHub App + webhook flow — automated scans on push / PR.
  • NEW Score, dimensions, severity, and a /dashboard surface.