
1.5.2

@oscarvalenzuelab oscarvalenzuelab released this 12 Nov 02:25
· 39 commits to main since this release
8803659

v1.5.2 - 2025-01-12

Fixed

Improved Workflow Instructions to Prevent Single-Package Detection Issues

Problem: Users reported that compliance checks generated notices for only 1 package, rather than all transitive dependencies (e.g., 1 package instead of 48 in node_modules/).

Root Cause: LLMs were bypassing scan_directory or not using ALL packages from the scan result. Some were manually extracting PURLs from package.json instead of using the comprehensive scan.

Changes:

  • Enhanced server instructions with CRITICAL WORKFLOW RULES section
  • Added explicit warnings in generate_legal_notices against manual PURL extraction
  • Added diagnostic logging to warn when suspiciously few packages are detected (3 packages or fewer)
  • Improved examples showing WRONG vs RIGHT workflow approaches

Impact:

  • LLMs now understand that they must ALWAYS use scan_directory first
  • Clear guidance that an npm project with one dependency has approximately 50 packages in node_modules
  • Better visibility when the workflow is not followed correctly

Note: The underlying MCP server code and purl2notices scanning work correctly. This release only improves instructions and logging to prevent misunderstandings in the workflow.
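The gap described under Problem and Root Cause can be checked independently before notices are generated. The sketch below is an added example, not code from this project: it enumerates what is actually installed under node_modules and reports any package missing from the PURL list about to be submitted. The function names and the sample tree are constructed for illustration; only the 3-package threshold comes from the notes above.

```python
import json
import logging
import tempfile
from pathlib import Path

log = logging.getLogger("notice_check")
FEW_PACKAGES = 3  # warning threshold quoted in the release notes

# Constructed sample: one direct dependency plus a scoped and a nested transitive one.
SAMPLE = [("left", "left", "1.2.0"),
          ("@scope/mid", "@scope/mid", "0.3.1"),
          ("left/node_modules/deep", "deep", "2.0.0")]


def build_sample(root: Path) -> Path:
    """Write the constructed project tree under root and return root."""
    app = {"name": "app", "version": "1.0.0", "dependencies": {"left": "^1.0.0"}}
    (root / "package.json").write_text(json.dumps(app))
    for rel, name, version in SAMPLE:
        pkg_dir = root / "node_modules" / rel
        pkg_dir.mkdir(parents=True)
        (pkg_dir / "package.json").write_text(json.dumps({"name": name, "version": version}))
    return root


def installed_purls(project: Path) -> set[str]:
    """PURLs for every manifest under node_modules, scoped and nested included."""
    purls = set()
    for manifest in (project / "node_modules").rglob("package.json"):
        meta = json.loads(manifest.read_text())
        if "name" in meta and "version" in meta:  # skip stray fixture manifests
            name = meta["name"].replace("@", "%40", 1)  # PURL-encode the npm scope
            purls.add(f"pkg:npm/{name}@{meta['version']}")
    return purls


def check_coverage(project: Path, submitted: set[str]) -> list[str]:
    """Return installed PURLs absent from the list submitted for notices."""
    installed = installed_purls(project)
    if len(submitted) <= FEW_PACKAGES:
        log.warning("only %d package(s) submitted, %d installed",
                    len(submitted), len(installed))
    return sorted(installed - submitted)


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    with tempfile.TemporaryDirectory() as tmp:
        project = build_sample(Path(tmp))
        # Submitting only the direct dependency leaves two packages without notices.
        print(check_coverage(project, {"pkg:npm/left@1.2.0"}))
```

A non-empty result means the notices file would omit licenses for packages that ship with the project.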

What's Changed

  • Improve workflow instructions to prevent single-package detection issues
  • Bump version to 1.5.2 and update changelog

Full Changelog: v1.5.1...v1.5.2