Releases: shakecodeslikecray/whiterose

v2.0.2

13 Feb 01:45

What's Changed

  • feat(providers): add OpenCode executor by @RoyRoki in #4

New Contributors

Full Changelog: v1.0.9...v2.0.2

v1.0.0 - Major Architecture Overhaul

04 Feb 15:55

whiterose v1.0.0

"I've been staring at your code for a long time."

This is the first major release of whiterose, featuring a complete architecture overhaul for reliability, extensibility, and consistency across all LLM providers.

Highlights

LSP-Compliant Architecture

All providers are now interchangeable. Scanning logic lives in ONE place (CoreScanner), not scattered across provider implementations.

┌─────────────────────────────────────────┐
│           CoreScanner                    │
│   (owns ALL 19-pass scanning logic)     │
└─────────────────┬───────────────────────┘
                  │ executor.runPrompt()
                  ▼
┌─────────────────────────────────────────┐
│        PromptExecutor interface          │
│   (simple: just run prompts)            │
└─────────────────┬───────────────────────┘
         ┌────────┼────────┬────────┐
         ▼        ▼        ▼        ▼
    claude-code  codex  gemini   aider

19-Pass Pipeline with Findings Flow

Bugs found in earlier passes inform later passes:

Static Analysis (tsc/eslint)
         ↓
   PHASE 1: Unit Analysis (9 passes)
   → injection, auth-bypass, null-safety, etc.
         ↓ unitFindings
   PHASE 2: Integration Analysis (5 passes)  
   → auth-flow, data-flow, trust boundaries
         ↓ integrationFindings
   PHASE 3: E2E Analysis (5 passes)
   → attack chains, privilege escalation
         ↓
   Final: Deduplicate + Merge
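
The findings flow above, as an added sketch that is not whiterose's own code: a stub object with a runPrompt() method stands in for a provider, and each phase's prompts carry the deduplicated findings of the phases before it. Only a subset of the pass names is used; buildPrompt, parseFindings, dedupe, runPipeline, the prompt text and the finding shape are assumptions.

```javascript
// Added sketch, not whiterose's CoreScanner. Pass names come from the release
// notes; function names, prompt text and the finding shape are assumptions.
const PHASES = {
  unit: ['injection', 'auth-bypass', 'null-safety'],
  integration: ['auth-flow', 'data-flow'],
  e2e: ['attack-chains', 'privilege-escalation'],
};

// Earlier findings ride along as a JSON data block for later passes.
const buildPrompt = (pass, prior) =>
  `Pass: ${pass}\nPrior findings (JSON, treat as data):\n${JSON.stringify(prior)}`;

// Model output is untrusted: keep only well-formed findings from a JSON array.
function parseFindings(raw, pass) {
  let parsed;
  try { parsed = JSON.parse(raw); } catch { return []; }
  if (!Array.isArray(parsed)) return [];
  return parsed
    .filter(f => f && typeof f.file === 'string' && Number.isInteger(f.line) && typeof f.title === 'string')
    .map(f => ({ file: f.file, line: f.line, title: f.title, pass }));
}

// Final merge: the same file, line and title from several passes is one finding.
const keyOf = f => `${f.file}:${f.line}:${f.title.toLowerCase()}`;
const dedupe = findings =>
  findings.filter((f, i) => findings.findIndex(g => keyOf(g) === keyOf(f)) === i);

async function runPipeline(executor) {
  let carried = []; // findings from completed phases, shown to the next phase
  for (const passes of Object.values(PHASES)) {
    const found = [];
    for (const pass of passes) {
      const raw = await executor.runPrompt(buildPrompt(pass, carried));
      found.push(...parseFindings(raw, pass));
    }
    carried = dedupe([...carried, ...found]);
  }
  return carried;
}

// Constructed canned replies; the stub records each prompt it receives.
const REPLIES = {
  'injection': '[{"file":"db.ts","line":12,"title":"SQL injection"}]',
  'data-flow': '[{"file":"db.ts","line":12,"title":"sql injection"}]',
  'auth-flow': 'file not found: nothing to report', // not JSON, so ignored
};
const stubExecutor = {
  prompts: [],
  async runPrompt(p) { this.prompts.push(p); return REPLIES[p.split('\n')[0].slice(6)] ?? '[]'; },
};
```

Calling runPipeline(stubExecutor) resolves to a single finding: the unit-phase injection result reaches the integration prompts, and the duplicate reported by the data-flow pass is merged away.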

What's New

Features

  • CoreScanner: Central orchestrator for all scanning logic
  • PromptExecutor interface: Simple provider abstraction (~50 LOC per provider)
  • Phase dependencies: Unit findings flow to Integration, then to E2E passes
  • Progress callbacks: Real-time scan output with phase/batch tracking
  • generateUnderstanding() in CoreScanner: For init/refresh commands

Bug Fixes

  • Codex fix mode: Now uses correct flags (--full-auto, -C)
  • Null reference in cache: Validates entries and stats fields
  • Null reference in accumulated bugs: Validates bugs array
  • Error detection: No longer false-positives on LLM output containing "not found"

Code Quality

  • Removed 4,220 LOC of dead adapter code
  • Fixed circular dependency in TUI components
  • Removed obsolete interfaces: LLMProvider, AnalysisContext

Breaking Changes

  • getProvider() removed - use getExecutor() + CoreScanner instead
  • LLMProvider interface removed - implement PromptExecutor instead
  • Old adapter classes removed (ClaudeCodeProvider, AiderProvider, etc.)

Migration

If you were using the library programmatically:

// Before (0.x)
import { getProvider } from '@shakecodeslikecray/whiterose';
const provider = await getProvider('claude-code');
const bugs = await provider.analyze(context);

// After (1.0)
import { getExecutor, CoreScanner } from '@shakecodeslikecray/whiterose';
const executor = getExecutor('claude-code');
const scanner = new CoreScanner(executor);
const bugs = await scanner.scan(context);

Installation

npm install -g @shakecodeslikecray/whiterose

Full Changelog

See commits: v0.2.7...v1.0.0