All notable changes to this project will be documented in this file.
This project follows Semantic Versioning.
DRY_RUN=1flag: prints planned actions without making cluster changesdocs/advanced-usage.md: JSON output, CI integration, dry-run, custom scenariosCONTRIBUTING.md: contribution guideCHANGELOG.md: this file.github/ISSUE_TEMPLATE/: bug report and feature request templates.github/pull_request_template.md: PR templatedocs/scenario-authoring.md: full scenario authoring guide- Prebuilt binary release pipeline via GitHub Actions
scenario.yamlper-scenario machine-readable spec (standardized)lib/common.sh:kube_apply,kube_exec,kube_deletedry-run wrapperslib/common.sh:DRY_RUNenvironment variable support
- README restructured: problem statement first, replay concept in one paragraph, quick start reduced to two commands
- README: scenario catalog table with run commands
- README: working diagram added
- README: limitations section added
- README: install section covers binary, Docker, and direct clone
- README: deterministic run guarantee documented
- README: output format stabilized and documented
- README: log verbosity table added
- README:
how to extend scenariossection added - README: sample detection use-case added
- Makefile:
DRY_RUNvariable added to all scenario targets docs/scenario-authoring.md: scenario authoring guide expanded
- Initial release
- 5 core scenarios:
shell-spawn,sa-token-read,kubectl-exec,curl-egress,secret-enumeration - 7-phase execution engine per scenario
- Behavior verification independent of detection backend
- JSON output via
JSON=1 - Exit code model (0, 10, 11, 20–24)
- Falco detection adapter (
lib/detection/falco.sh) - Production cluster guard
- Safety banner on every trigger
make setup-kind,make setup-falco,make doctormake list-scenarios- Docs:
local-cluster.md,falco-setup.md,workshop-mode.md - CI: shellcheck lint + YAML manifest dry-run validation