Releases: aiexponenthq/license-compliance-checker

v1.1.0 — Security hardening + Agentic AI era capabilities

12 Apr 09:42
ef2b805

What's new in v1.1.0

Security (5 blockers fixed)

  • POST /scans rate limited to 10/minute — was unprotected
  • CORS default changed from * to "" — must be explicitly configured
  • /admin/reset now only deletes LCC-scoped Redis keys (scan:*, lcc:*), not flushdb()
  • Worker path containment: validates scan path stays within LCC_WORKSPACE or /tmp
  • Confirmed git history clean — no secrets ever committed
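The worker path containment fix above is worth seeing as concrete logic. The following is an added example written for these notes, not the project's own code: it resolves a scan path (following symlinks and collapsing `..`) and accepts it only if it lands under `LCC_WORKSPACE` or `/tmp`. The default workspace directory and the function names are assumptions.

```python
import os
from pathlib import Path

# Allowed roots for scan paths, as described in the release notes. The
# environment variable name LCC_WORKSPACE is from the notes; the fallback
# directory is a constructed placeholder, not the project's real default.
ALLOWED_ROOTS = [
    Path(os.environ.get("LCC_WORKSPACE", "/srv/lcc/workspace")),
    Path("/tmp"),
]


def is_contained(candidate: str, roots=None) -> bool:
    """Return True if `candidate` resolves to a location inside one of `roots`.

    Resolution follows symlinks and collapses `..` components before the
    comparison, so '/tmp/../etc/passwd' or a symlink inside the workspace
    that points elsewhere is rejected. The comparison uses Path.relative_to
    rather than string prefix matching, so '/tmpfoo' is not treated as
    being under '/tmp'. Relative paths resolve against the current
    directory and are accepted only if that lands under an allowed root.
    """
    roots = ALLOWED_ROOTS if roots is None else roots
    try:
        resolved = Path(candidate).resolve(strict=False)
    except (OSError, RuntimeError):  # e.g. a symlink loop
        return False
    for root in roots:
        root_resolved = Path(root).resolve(strict=False)
        try:
            resolved.relative_to(root_resolved)
            return True
        except ValueError:
            continue
    return False


def validate_scan_path(candidate: str, roots=None) -> Path:
    """Return the resolved scan path, or raise ValueError if it escapes the roots."""
    if not is_contained(candidate, roots):
        raise ValueError(f"scan path escapes allowed roots: {candidate!r}")
    return Path(candidate).resolve(strict=False)
```

Resolving both sides matters on systems where `/tmp` is itself a symlink; comparing the unresolved strings would reject legitimate paths or accept escaped ones.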

Code quality

  • datetime.utcnow() → datetime.now(UTC) (Python 3.12 deprecation fix)
  • warnings_count now computed via WarningAnalyzer — was always 0 before
  • /scans/{id}/warnings returns real analysis instead of empty stub
  • Performance tests: fixed Scanner(detectors, resolvers, config) constructor signature
  • Integration tests: removed 500 from acceptable status codes

Agentic AI era (4 new capabilities)

  • HuggingFace Hub API resolver — scans Python/YAML/JSON files for from_pretrained("org/model") and similar references; fetches license from HF API without requiring local download
  • GGUF/ONNX detection — detects Ollama (.gguf) and ONNX (.onnx) model formats; infers model family from filename
  • Dataset risk registry — 15 datasets classified; OpenAI API outputs, ChatGPT, ShareGPT, Books3 flagged as high/critical risk
  • Honest Article 53 framing — scope note added to all assessments clarifying this is audit evidence, not full legal compliance

CLI

  • --include-transitive flag added with lock file validation

Tests

393 passing (was 228 before this release)

Release v1.0.0: Initial Release

02 Feb 18:52

Pre-release

License Compliance Checker (LCC) is now officially released! This enterprise-grade tool helps organizations manage open-source license compliance with ease.

Key Features
  • 🛡️ Automated Policy Enforcement: Define and enforce license policies (e.g., ban GPL-3.0 in proprietary projects).
  • 📦 Recursive Dependency Scanning: Automatically detects manifests (package.json, requirements.txt, pom.xml, etc.) deep within your project structure.
  • 🤖 AI-Powered Analysis: Specialized LLM integration (using Fireworks AI) for analyzing unknown or custom license texts.
  • 📊 Comprehensive Reporting: Generate reports in JSON, Markdown, HTML, and CSV formats.
  • 🐳 Docker Ready: Full microservices architecture (API, Worker, Dashboard, Redis, Postgres) ready for deployment.
  • 🔌 CI/CD Integration: Seamlessly integrates with GitHub Actions for automated compliance checks.
Installation
You can install LCC directly from source or via the built artifacts:

pip install license-compliance-checker
Or using Docker:

docker-compose -f docker-compose.prod.yml up -d
Changelog
  • Initial public release.
  • Added recursive directory scanning.
  • Integrated Fireworks AI for license text classification.
  • Polished documentation and architecture diagrams.
  • Fixed identified bugs in scanning and UI.
Artifacts
Find the wheel and source distribution attached to this release.