
msaad00/agent-bom

v0.76.0 Bugfix

This release fixes issues for SREs watching stability and regressions.

✓ No known CVEs patched

Topics

ai-agents ai-security ai-supply-chain aibom blast-radius cloud-security
compliance container-security cyclonedx security kubernetes llm-security mcp mcp-server owasp sarif sbom security-scanner supply-chain-security vulnerability-scanning

Affected surfaces

deps auth rbac crypto_tls

Summary

AI summary

Fix concurrent scanner state and scan cache access.

Full changelog

What's Changed

  • feat(api): polish distributed tracing headers by @msaad00 in https://github.com/msaad00/agent-bom/pull/1246
  • feat(ci): guard JS supply chain surfaces by @msaad00 in https://github.com/msaad00/agent-bom/pull/1248
  • chore(deps-dev): bump @types/node from 25.5.0 to 25.5.2 in /sdks/typescript by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/1249
  • chore(deps-dev): bump typescript from 5.9.3 to 6.0.2 in /sdks/typescript by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/1250
  • feat(skills): resolve JS import aliases in code analysis by @msaad00 in https://github.com/msaad00/agent-bom/pull/1251
  • feat(api): expose tracing health and baggage by @msaad00 in https://github.com/msaad00/agent-bom/pull/1252
  • feat(scan): surface project lockfile inventory by @msaad00 in https://github.com/msaad00/agent-bom/pull/1253
  • feat(scan): expose model supply-chain coverage by @msaad00 in https://github.com/msaad00/agent-bom/pull/1254
  • feat(scan): surface model bundle lineage by @msaad00 in https://github.com/msaad00/agent-bom/pull/1255
  • feat(api): make ClickHouse analytics a first-class backend by @msaad00 in https://github.com/msaad00/agent-bom/pull/1256
  • feat(scan): surface advisory depth for project inventory by @msaad00 in https://github.com/msaad00/agent-bom/pull/1257
  • feat(verify): add model weight verification CLI by @msaad00 in https://github.com/msaad00/agent-bom/pull/1258
  • feat(report): diff external sboms against scans by @msaad00 in https://github.com/msaad00/agent-bom/pull/1259
  • feat(scan): expose advisory source attribution by @msaad00 in https://github.com/msaad00/agent-bom/pull/1260
  • docs(enterprise): map claims to controls and community paths by @msaad00 in https://github.com/msaad00/agent-bom/pull/1261
  • docs(community): publish Discord support link by @msaad00 in https://github.com/msaad00/agent-bom/pull/1262
  • docs(demo): refresh storefront hero surfaces by @msaad00 in https://github.com/msaad00/agent-bom/pull/1265
  • feat(clickhouse): persist API scan analytics by @msaad00 in https://github.com/msaad00/agent-bom/pull/1266
  • chore(deps): bump vite from 8.0.1 to 8.0.5 in /ui by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/1270
  • chore: weekly uv.lock upgrade 2026-04-06 by @github-actions[bot] in https://github.com/msaad00/agent-bom/pull/1267
  • chore: sync MCP registry — 0 new, 0 from toolhive, 9 versions, 0 CVE-enriched by @github-actions[bot] in https://github.com/msaad00/agent-bom/pull/1269
  • ci: sign automation update commits by @msaad00 in https://github.com/msaad00/agent-bom/pull/1271
  • feat(clickhouse): add fleet compliance and audit analytics by @msaad00 in https://github.com/msaad00/agent-bom/pull/1272
  • docs: sharpen release surfaces and graph focus by @msaad00 in https://github.com/msaad00/agent-bom/pull/1273
  • fix(docs): remove stray readme conflict marker by @msaad00 in https://github.com/msaad00/agent-bom/pull/1275
  • feat(cli): add standalone remediate command by @msaad00 in https://github.com/msaad00/agent-bom/pull/1276
  • refactor(cli): extract shared scan runner from remediate by @msaad00 in https://github.com/msaad00/agent-bom/pull/1278
  • feat(graph): collapse CVEs behind package summaries by @msaad00 in https://github.com/msaad00/agent-bom/pull/1279
  • chore(deps-dev): bump jsdom from 29.0.1 to 29.0.2 in /ui by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/1280
  • [codex] add js ts ast fallback analysis by @msaad00 in https://github.com/msaad00/agent-bom/pull/1282
  • feat(graph): unified OCSF-aligned graph schema with persistence by @msaad00 in https://github.com/msaad00/agent-bom/pull/1283
  • feat(graph): unified OCSF-aligned graph schema, pipeline wiring, query endpoints by @msaad00 in https://github.com/msaad00/agent-bom/pull/1284
  • [codex] fix CI Railway health probes for deployment drift checks by @msaad00 in https://github.com/msaad00/agent-bom/pull/1285
  • feat(graph): full inventory builder + Wave 1 enhancements by @msaad00 in https://github.com/msaad00/agent-bom/pull/1286
  • feat: advance AST and SAST analysis paths by @msaad00 in https://github.com/msaad00/agent-bom/pull/1287
  • feat(graph): Wave 1 — reverse queries, impact, search, runtime edges, full entity model by @msaad00 in https://github.com/msaad00/agent-bom/pull/1288
  • feat(graph): Wave 2-3 — pagination, RBAC, presets, webhooks, OCSF enrichment by @msaad00 in https://github.com/msaad00/agent-bom/pull/1289
  • feat: deepen AST taint and control-flow analysis by @msaad00 in https://github.com/msaad00/agent-bom/pull/1290
  • chore(deps-dev): bump vitest from 4.1.2 to 4.1.3 in /ui by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/1291
  • chore(deps): bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/1292
  • harden unified graph snapshot persistence and report ingestion by @msaad00 in https://github.com/msaad00/agent-bom/pull/1293
  • fix concurrent scanner state and scan cache access by @msaad00 in https://github.com/msaad00/agent-bom/pull/1294
  • feat(graph): move graph page onto unified graph api by @msaad00 in https://github.com/msaad00/agent-bom/pull/1295
  • feat(graph): add server-backed explorer controls by @msaad00 in https://github.com/msaad00/agent-bom/pull/1296
  • feat(graph): add attack-path drilldown and unify security route by @msaad00 in https://github.com/msaad00/agent-bom/pull/1297
  • chore: tighten release claims and bump cryptography by @msaad00 in https://github.com/msaad00/agent-bom/pull/1298
  • feat(graph): add postgres graph store backend by @msaad00 in https://github.com/msaad00/agent-bom/pull/1299
  • feat(graph): deliver delta alerts and tighten claims by @msaad00 in https://github.com/msaad00/agent-bom/pull/1300
  • perf: speed graph search and harden security coverage by @msaad00 in https://github.com/msaad00/agent-bom/pull/1301
  • feat: deepen AST and SAST analysis by @msaad00 in https://github.com/msaad00/agent-bom/pull/1302
  • feat: deepen Go AST and custom SAST workflows by @msaad00 in https://github.com/msaad00/agent-bom/pull/1303
  • feat: expand first-party AST security heuristics by @msaad00 in https://github.com/msaad00/agent-bom/pull/1304
  • fix: harden graph delta delivery and path semantics by @msaad00 in https://github.com/msaad00/agent-bom/pull/1305
  • feat: deepen AST cross-file and flow heuristics by @msaad00 in https://github.com/msaad00/agent-bom/pull/1306
  • feat: deepen JS/TS AST interprocedural analysis by @msaad00 in https://github.com/msaad00/agent-bom/pull/1307
  • feat: add JS/TS taint-aware interprocedural flows by @msaad00 in https://github.com/msaad00/agent-bom/pull/1309
  • feat: add Go AST cross-file taint analysis by @msaad00 in https://github.com/msaad00/agent-bom/pull/1310
  • fix: harden CodeQL SARIF upload path by @msaad00 in https://github.com/msaad00/agent-bom/pull/1311
  • docs: align README with current product path by @msaad00 in https://github.com/msaad00/agent-bom/pull/1312
  • feat: add per-layer CVE attribution for container images by @msaad00 in https://github.com/msaad00/agent-bom/pull/1315
  • feat: add PDF export for scan reports by @msaad00 in https://github.com/msaad00/agent-bom/pull/1316
  • polish: tighten README visuals and demo scan output by @msaad00 in https://github.com/msaad00/agent-bom/pull/1317
  • release: prepare 0.76.0 by @msaad00 in https://github.com/msaad00/agent-bom/pull/1318
  • fix: replace PDF renderer with built-in export by @msaad00 in https://github.com/msaad00/agent-bom/pull/1319

Full Changelog: https://github.com/msaad00/agent-bom/compare/v0...v0.76.0


About msaad00/agent-bom

AI supply chain security scanner with 18 MCP tools. Auto-discovers 20 MCP clients, scans dependencies for CVEs (OSV/NVD/EPSS/CISA KEV), maps blast radius from vulnerabilities to exposed credentials and tools, runs CIS benchmarks, generates CycloneDX/SPDX SBOMs, and enforces compliance across OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act.
