Skip to content

Logatory

v0.4.1 Bugfix

This release fixes issues for SREs watching stability and regressions.

Published 26d Forensics & Incident Response
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

anomaly-detection cli devops fastapi llm log-analysis
+9 more
logging observability ollama pii python security self-hosted siem threat-detection

Summary

AI summary

Fixed --redact dry-run to leave original text unchanged.

Full changelog

Maintenance release: one bug fix, internal refactoring, added test coverage. No public CLI or API changes — every command and endpoint that worked in 0.4.0 keeps working identically.

Fixes

  • --redact dry-run now leaves the original text unchanged, as the docs (and the upload UI) always promised. Previously dry-run fell through to the same hash-replacement path as --redact redact — hit counts and detection were already correct, but the output text was being rewritten. Locked with new unit tests.

Internal refactors (no behaviour change)

  • Severity-ordering consolidated onto a single .level property on FindingSeverity / Severity. Five copies of the same map across the codebase — two with opposite directions, a latent foot-gun.
  • New Principal abstraction in logatory.web.auth, forward-compatible with the planned multi-user server. Existing Bearer-token behaviour unchanged.
  • Six dedup helpers extracted across the CLI: SEVERITY_COLOR, BUILTIN_RULES_DIR, parse_lookback_seconds, compile_plugin_pii_patterns, build_engine, and a shared run_tail_pipeline for the realtime loop (7 commands × ~50 lines of identical async pipeline → one helper).
  • SqliteRepository base class — the four SQLite repos (Findings, Errors, Baseline, Dismiss) now declare _schemas + an optional _migrate hook instead of repeating ~25 lines of lifecycle each.
  • Net −262 LOC across the project.

Tests

  • New coverage for: fleet tail mid-stream target failure isolation, SSH poll() first-connect failure (file + journald modes), OpenSearch poll() deduplication contract for documents without _id, the new Principal abstraction, and the severity-level API.
  • Test count: 735 → 757, all passing.

Docs

  • New Sponsoring & Enterprise section in the README — a passive contact path for teams interested in the planned multi-user server, sponsoring a specific adapter or detection ruleset, priority support, or commercial / air-gapped licensing. The single-user mode stays Apache-2.0 and is called out as such.

Upgrade

pip install -U logatory — drop-in upgrade from 0.4.0, no config changes needed.

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Logatory

Get notified when new releases ship.

Sign up free

About Logatory

All releases →

Related context

Beta — feedback welcome: [email protected]