msaad00/agent-bom

What's Changed

• chore(deps): bump urllib3 from 2.6.3 to 2.7.0 by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/2511
• release: prepare v0.86.5 by @msaad00 in https://github.com/msaad00/agent-bom/pull/2512
• chore(deps): bump litellm from 1.83.7 to 1.83.10 by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/2513
• [codex] fix compliance data hotfixes by @msaad00 in https://github.com/msaad00/agent-bom/pull/2514
• fix: emit shell completion scripts and persist CLI scans to local analytics by @msaad00 in https://github.com/msaad00/agent-bom/pull/2515
• fix: audit verifier validates aes-cmac-128 chains and signals via exit codes by @msaad00 in https://github.com/msaad00/agent-bom/pull/2516
• fix: thread offline_mode into scan_agents_with_enrichment by @msaad00 in https://github.com/msaad00/agent-bom/pull/2517
• fix CLI runtime audit gates by @msaad00 in https://github.com/msaad00/agent-bom/pull/2518
• add canonical IDs across reports and graph by @msaad00 in https://github.com/msaad00/agent-bom/pull/2519
• release: enable PyPI native attestations by @msaad00 in https://github.com/msaad00/agent-bom/pull/2520
• fix API gateway data audit gaps by @msaad00 in https://github.com/msaad00/agent-bom/pull/2521
• fix CLI P1 polish gaps by @msaad00 in https://github.com/msaad00/agent-bom/pull/2522
• fix canonical ID persistence alignment by @msaad00 in https://github.com/msaad00/agent-bom/pull/2523
• fix: make cryptography a core dependency so agent-bom audit works after pip install by @msaad00 in https://github.com/msaad00/agent-bom/pull/2524
• fix: honor agent-bom sbom -o when a CLI profile is active by @msaad00 in https://github.com/msaad00/agent-bom/pull/2525
• fix output formatter metadata parity by @msaad00 in https://github.com/msaad00/agent-bom/pull/2526
• fix check agent mode envelope by @msaad00 in https://github.com/msaad00/agent-bom/pull/2527
• fix product graph screenshot proof by @msaad00 in https://github.com/msaad00/agent-bom/pull/2528
• fix graph command center proof by @msaad00 in https://github.com/msaad00/agent-bom/pull/2529
• docs graph data product review by @msaad00 in https://github.com/msaad00/agent-bom/pull/2530
• fix shared exposure path command center by @msaad00 in https://github.com/msaad00/agent-bom/pull/2531
• fix security graph command center by @msaad00 in https://github.com/msaad00/agent-bom/pull/2532
• chore(deps-dev): bump vitest from 4.1.5 to 4.1.6 in /ui by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/2534
• chore(deps-dev): bump @types/node from 25.6.2 to 25.7.0 in /sdks/typescript by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/2536
• add large graph overview renderer by @msaad00 in https://github.com/msaad00/agent-bom/pull/2533
• chore(deps-dev): bump @playwright/test from 1.59.1 to 1.60.0 in /ui by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/2537
• chore(deps-dev): bump @types/node from 25.6.2 to 25.7.0 in /ui by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/2535
• chore(deps-dev): bump typescript-eslint from 8.59.2 to 8.59.3 in /ui by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/2538
• pin windows endpoint runner to VS 2022 by @msaad00 in https://github.com/msaad00/agent-bom/pull/2539
• fix check output contract gaps by @msaad00 in https://github.com/msaad00/agent-bom/pull/2540
• Add time-versioned graph edges by @msaad00 in https://github.com/msaad00/agent-bom/pull/2541
• Add graph benchmark evidence scaffold by @msaad00 in https://github.com/msaad00/agent-bom/pull/2542
• Harden large graph overview fallback by @msaad00 in https://github.com/msaad00/agent-bom/pull/2543
• Add measured graph benchmark evidence by @msaad00 in https://github.com/msaad00/agent-bom/pull/2544
• Add API-native ExposurePath contract by @msaad00 in https://github.com/msaad00/agent-bom/pull/2553
• Project toxic combos into graph investigations by @msaad00 in https://github.com/msaad00/agent-bom/pull/2554
• Add graph renderer switch contract by @msaad00 in https://github.com/msaad00/agent-bom/pull/2555
• Add semantic graph cluster API by @msaad00 in https://github.com/msaad00/agent-bom/pull/2556
• Cache agents discovery responses by @msaad00 in https://github.com/msaad00/agent-bom/pull/2557
• Add Sigma WebGL graph overview by @msaad00 in https://github.com/msaad00/agent-bom/pull/2558
• Harden Postgres graph hot path indexes by @msaad00 in https://github.com/msaad00/agent-bom/pull/2559
• Document Neptune graph backend design by @msaad00 in https://github.com/msaad00/agent-bom/pull/2560
• Fix legacy SQLite graph edge migration by @msaad00 in https://github.com/msaad00/agent-bom/pull/2561
• Add optional Neptune graph adapter by @msaad00 in https://github.com/msaad00/agent-bom/pull/2562
• Clarify graph release positioning by @msaad00 in https://github.com/msaad00/agent-bom/pull/2563
• Fix graph light mode tokens by @msaad00 in https://github.com/msaad00/agent-bom/pull/2564
• Promote exposure path investigation brief by @msaad00 in https://github.com/msaad00/agent-bom/pull/2565
• Add identity graph taxonomy slice by @msaad00 in https://github.com/msaad00/agent-bom/pull/2566
• Carry ExposurePath into report outputs by @msaad00 in https://github.com/msaad00/agent-bom/pull/2567
• Adapt Sigma overview to unified graph data by @msaad00 in https://github.com/msaad00/agent-bom/pull/2568
• Decouple skills provenance gaps from malicious status by @msaad00 in https://github.com/msaad00/agent-bom/pull/2569
• Fix skills trust dual-axis recommendations by @msaad00 in https://github.com/msaad00/agent-bom/pull/2570
• Verify runtime audit chain algorithms by @msaad00 in https://github.com/msaad00/agent-bom/pull/2571
• Add MCP exposure paths tool by @msaad00 in https://github.com/msaad00/agent-bom/pull/2572
• Add AWS IAM identity graph enrichment by @msaad00 in https://github.com/msaad00/agent-bom/pull/2573
• Add MCP deploy decision tool by @msaad00 in https://github.com/msaad00/agent-bom/pull/2574
• Route medium behavioral skill findings to review by @msaad00 in https://github.com/msaad00/agent-bom/pull/2575
• Fix Neptune ADR site docs link by @msaad00 in https://github.com/msaad00/agent-bom/pull/2576
• Add ExposurePath envelope to JSON reports by @msaad00 in https://github.com/msaad00/agent-bom/pull/2577
• chore(deps-dev): bump @vitejs/plugin-react from 6.0.1 to 6.0.2 in /ui by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/2581
• chore(deps-dev): bump @types/node from 25.7.0 to 25.8.0 in /ui by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/2582
• Refresh tracked product metrics snapshot by @msaad00 in https://github.com/msaad00/agent-bom/pull/2579
• Refresh release proof docs and screenshots by @msaad00 in https://github.com/msaad00/agent-bom/pull/2580
• chore(deps): bump python from 3.14.3-alpine3.23 to 3.14.5-alpine3.23 by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/2583
• chore(deps-dev): bump @types/node from 25.7.0 to 25.8.0 in /sdks/typescript by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/2584
• chore(deps): bump lucide-react from 1.14.0 to 1.16.0 in /ui by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/2585
• Clarify agent-first security data plane positioning by @msaad00 in https://github.com/msaad00/agent-bom/pull/2588
• feat(skills): add policy-aware CI gates by @msaad00 in https://github.com/msaad00/agent-bom/pull/2590
• feat(skills): improve scanner evidence accuracy by @msaad00 in https://github.com/msaad00/agent-bom/pull/2591
• feat(skills): emit SARIF for skill findings by @msaad00 in https://github.com/msaad00/agent-bom/pull/2592
• feat(control-plane): add credential reference registry by @msaad00 in https://github.com/msaad00/agent-bom/pull/2599
• docs(product): publish product lane boundaries by @msaad00 in https://github.com/msaad00/agent-bom/pull/2600
• feat(sdk): add TypeScript control-plane client by @msaad00 in https://github.com/msaad00/agent-bom/pull/2601
• docs(runtime): define posture event streaming contract by @msaad00 in https://github.com/msaad00/agent-bom/pull/2602
• feat(inventory): stream versioned inventory ingestion by @msaad00 in https://github.com/msaad00/agent-bom/pull/2603
• feat(graph): expose agent-native REST decisions by @msaad00 in https://github.com/msaad00/agent-bom/pull/2604
• docs(product): clarify agent-first positioning by @msaad00 in https://github.com/msaad00/agent-bom/pull/2605
• feat(sdk): expose public Python API by @msaad00 in https://github.com/msaad00/agent-bom/pull/2606
• feat(runtime): add posture webhook outbox by @msaad00 in https://github.com/msaad00/agent-bom/pull/2607
• feat(api): add normalized bulk findings ingest by @msaad00 in https://github.com/msaad00/agent-bom/pull/2609
• feat(api): add dataset version registry by @msaad00 in https://github.com/msaad00/agent-bom/pull/2611
• feat(runtime): expose posture webhook outbox status by @msaad00 in https://github.com/msaad00/agent-bom/pull/2613
• feat(enterprise): add local entitlement metadata hooks by @msaad00 in https://github.com/msaad00/agent-bom/pull/2614
• feat(iac): add dbt project security scanner by @msaad00 in https://github.com/msaad00/agent-bom/pull/2615
• fix(ci): restore Postgres scale evidence workflow by @msaad00 in https://github.com/msaad00/agent-bom/pull/2616
• release: prepare v0.87.0 by @msaad00 in https://github.com/msaad00/agent-bom/pull/2617

Full Changelog: https://github.com/msaad00/agent-bom/compare/v0.86.4...v0.87.0