> ## Documentation Index
> Fetch the complete documentation index at: https://docs.complior.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Changelog

> Release history and notable changes for Complior.

<Update label="v1.0.1" description="2026-05-03">
  ## Patch — `fix --doc` error message clarity

  Closes the only known limitation from v1.0.0.

  **Fixed**

  * `complior fix --doc <type>` now surfaces the actual engine error message (e.g. `Error: Passport not found: default`) instead of the generic `Error: Unknown engine error` when an invalid passport name is passed. Functional behaviour was already correct in v1.0.0 (exit code 1, no fake "Document generated" output) — only the displayed message has improved.

  **Affected paths**

  * `cli/src/headless/fix.rs` (`run_doc_generate_single`)
  * `cli/src/headless/doc.rs` (`run_doc_generate` and `run_doc_generate_fix`)

  **Verification**

  * 4-cycle exhaustive E2E across 3 profile contexts (deployer/limited/general, provider/high/healthcare, deployer/high/finance) — confirmed clean.
  * 0 regressions on prior fixes.
  * 226 Rust + 2,493 TS = 2,719 tests, 0 failures.
  * Released as `complior@1.0.1` on npm, `complior-cli@1.0.1` on crates.io, and 5 platform binaries on GitHub Releases.
</Update>

<Update label="v1.0.0" description="2026-05-03">
  ## Initial public release

  First general-availability release of the Complior open-source compliance platform. Production-ready for EU AI Act compliance scanning, evaluation, fix automation, Agent Passports, and report generation. All v1.0 pipeline commands (`init`, `scan`, `eval`, `fix`, `report`, `agent`/`passport`, `doctor`) are stable with full flag coverage and exhaustive E2E verification across 3 profile contexts.

  **Scan Engine**

  * 5-layer static analysis (L1 file presence, L2 document structure, L3 dependencies, L4 code patterns, L5 LLM opt-in)
  * 57+ AI framework detection (LangChain, CrewAI, OpenAI, Anthropic, Vercel AI, HuggingFace, AutoGen, Bedrock, Ollama, etc.)
  * 37 secret patterns (API keys, tokens, passwords) via NHI scanner
  * 33 code pattern rules across 8 compliance categories
  * Cross-layer verification (7 consistency rules including `cross-passport-code-mismatch`)
  * Profile-aware filtering: `role × riskLevel × domain → applicableObligations` (16 / 67 / 46 across deployer-limited / provider-high-healthcare / deployer-high-finance)
  * Incremental scan (mtime + SHA-256 cache, 10–50× speedup)
  * Supply chain audit (45+ AI SDKs with CVE detection)
  * Dependency scan (5 package managers with lock file parsing)
  * SARIF v2.1.0 and JSON output

  **Eval Engine**

  * 680 dynamic probes across 11 EU AI Act conformity categories + 300 OWASP/MITRE security probes
  * Profile-aware filtering: 319 / 335 / 327 of 388 tests applicable per profile
  * Deterministic + LLM-judged probe modes (BYOK or hosted judge)
  * Custom request template support for any API format
  * Auto-detect adapters (OpenAI, Anthropic, Google, custom)
  * SSE streaming with real-time progress
  * Refusal heuristic (correctly identifies model declines vs. failures)
  * CI threshold gates (`--ci --threshold N`)

  **Agent Passport**

  * 36-field standardized AI system identity card
  * 3 creation modes: Auto (65–70% from code), Guided (interactive), Manual (full control)
  * Ed25519 cryptographic signing with key management at `~/.config/complior/keys/`
  * Export: A2A, AIUC-1, NIST formats
  * Evidence chain (SHA-256 hash linking + ed25519 signatures, tamper-proof)
  * Worker Notification template
  * FRIA Generator (template + AI Enricher with scaffold/enhance modes)

  **Fix Engine**

  * 18 remediation strategies (code, document, config, cross-layer)
  * Preview with score impact prediction (capped at 99 — estimates, not certainty)
  * 14 EU AI Act + ISO 42001 document generators (FRIA, AI Policy, SoA, Risk Register, Worker Notification, Tech Documentation, Monitoring Policy, Data Governance, etc.)
  * LLM-assisted document generation (`--ai` opt-in)
  * ENRICH semantics for existing files (no overwrite of user edits)
  * Full undo capability via backup chain

  **CLI & TUI**

  * 40+ headless commands across 7 verbs (init, scan, eval, fix, report, agent, doctor)
  * 9-page interactive TUI dashboard (Dashboard, Scan, Findings, Passport, Obligations, Tests, Report, Log, Chat)
  * Background daemon with file watcher (200ms compliance gate, MCP server, HTTP API)
  * 5 color themes (default, dark, dracula, nord, solarized)
  * LLM Chat Service (TUI Chat page)

  **SDK**

  * `@complior/sdk` runtime compliance middleware (proxy-based wrapping)
  * 14 hooks (7 pre + 7 post): disclosure, prohibited, sanitize, logger, permission, rate-limit, disclosure-verify, content-marking, escalation, bias-check, headers, budget, action-log
  * 4 provider adapters (OpenAI, Anthropic, Google, Vercel AI)
  * PII sanitization (50+ patterns, 6 categories with checksum validation: IBAN, BSN, NIR, PESEL, Codice Fiscale)
  * Prohibited practice detection (138 patterns covering all 8 Art. 5 prohibitions)
  * GDPR Art. 9 context-dependent matching (8 special categories)
  * Domain hooks: HR, finance, healthcare, education, legal, content
  * `compliorAgent()` agent-aware wrapper with passport enforcement

  **MCP Server**

  * 8 MCP code tools for AI agent integration (Claude Desktop, Cursor, VS Code)
  * stdio transport with input validation
  * Compliance Proxy (policy engine + proxy interceptor)

  **Security & Quality Assurance**

  * Multi-framework scoring (EU AI Act + AIUC-1 + OWASP LLM Top 10 + MITRE ATLAS)
  * AIUC-1 Certification Readiness score (15 requirements)
  * Adversarial Test Runner (5 categories)
  * `complior redteam` (300+ probes mapped to OWASP/MITRE)
  * `complior import promptfoo` (external red-team results)
  * `complior scan --deep` (Semgrep / Bandit / ModelScan via Tier 2)
  * Test Generation (JS / Python / Go from passport constraints)

  **Compliance Coverage**

  * 108 EU AI Act obligations mapped (\~65% automatic, \~25% template-assisted, \~10% manual via SaaS)
  * AIUC-1 (15 requirements, \~70% covered)
  * ISO 42001 (\~65–70% covered: SoA generator, Risk Register generator, AI Policy template)
  * Industry-specific patterns: HR, finance, healthcare, education, legal, content

  **Reports**

  * 5 output formats: human (terminal), JSON, Markdown, HTML (875+ KB rich report), PDF
  * Profile-aware company profile block in reports
  * Score breakdown with disclaimer + category breakdown + `/status/posture` endpoint
  * `--share` flag for offline HTML report

  **Distribution**

  * npm: `complior` (CLI wrapper), `@complior/engine` (TS engine), `@complior/contracts` (sync schemas)
  * crates.io: `complior-cli` (Rust binary)
  * GitHub Releases: 5 platform binaries (Linux x86\_64/aarch64, macOS Intel/ARM, Windows x86\_64) with SHA-256 checksums
  * License: AGPL-3.0-only

  **Tests & CI**

  * 226 Rust + 2,493 TypeScript = 2,719 total tests, 0 failures
  * CI: Rust fmt + clippy + test + security audit, Engine typecheck + lint + test, npm audit, version consistency, contract tests (TS + Rust mirror against same fixture)
  * 11 mini-hotfix milestones (V1-M30.1 → V1-M30.11) consecutively delivered with exhaustive 3-cycle E2E verification before tag

  **EU AI Act enforcement**: August 2, 2026 (\~91 days from this release).
</Update>

<Update label="v0.9.0-beta" description="2026-03-15">
  ## Beta release

  * S05 SDK Production complete (30/34 user stories)
  * 1,691 tests passing (862 TS + 414 SDK + 415 Rust)
  * Compliance diff feature
  * Multi-agent awareness
  * Cost estimator
  * Industry-specific patterns (HR, finance, healthcare, education, legal)
</Update>

<Update label="v0.8.0-alpha" description="2026-03-01">
  ## Alpha release

  * S03–S04 daemon foundation complete
  * Agent Passport Mode 1 (Auto)
  * FRIA generator
  * Evidence chain with ed25519 signatures
  * `compliorAgent()` SDK wrapper
  * Background daemon with PID management
  * TUI Obligations page (108 obligations)
</Update>
