Steampunk Spotter CLI version 5.8.0, 2025-12-03
-----------------------------------------------
* Enabled running spotter scans for Ansible version 2.19.
* Disable parallel parsing when scanning a small number of input files.

Steampunk Spotter CLI version 5.7.0, 2025-09-24
-----------------------------------------------
* Improved detecting secrets:
  * Now properly detecting GitHub and GitLab secrets.
  * Parsing performance increased by several orders of magnitude.

Steampunk Spotter CLI version 5.6.0, 2025-08-27
-----------------------------------------------
* Fixed the re-login API call to backend to respect the `--insecure` option.
* Fixed yaml formatting to work with latest versions of yaml libraries.
* Fixed handling of multi-line strings using one of | or > command flow character in YAML.
* Moved dependencies for wheel directly to install requires.

Steampunk Spotter CLI version 5.5.1, 2025-05-07
-----------------------------------------------
* Scan now continues without breaking even when an OS exception occurs during reading of an input
  file.
* Fixed a login issue when connecting to an endpoint with an untrusted TLS certificate while running
  scans on Windows.

Steampunk Spotter CLI version 5.5.0, 2025-04-24
-----------------------------------------------
* Local scan now only visits each physical directory once, preventing infinite loops due to symbolic
  links in the filesystem.
* Scan now covers YAML special tags !!str and !!binary.
* Fixed crashes when trying to parse a YAML file with an empty item.
* Fixed the `spotter -k/--insecure` switch in Windows, allowing connections with untrusted back end
  hosts.
* Fixed an issue with scans breaking at the back end for inputs containing the `\u0000` string
  sequences.

Steampunk Spotter CLI version 5.4.0, 2025-03-26
-----------------------------------------------
* Enabled parallel parsing of the YAML input files by allowing to scan each directory in its own
  process, reducing the overall time needed to parse the project input files.
* Fixed the rewrite results of inline strings that was padded with spaces and/or
  new lines, previously resulting in a partially duplicated output.
* Fixed the duplicate license file reference issue in the build configuration.
* RPM build logic in CI/CD.

Steampunk Spotter CLI version 5.3.0, 2025-01-29
-----------------------------------------------
* New `spotter scan` switch `--skip-detect-secrets` disables detection and obfuscation of
  sensitive data in the client before preparing the payload.

Steampunk Spotter CLI version 5.2.1, 2025-01-15
-----------------------------------------------
* Fixed mapping the results for variables with the input file, line and column number for scans
  that use imported payload.

Steampunk Spotter CLI version 5.2.0, 2024-12-17
-----------------------------------------------
* TLS certificate verification can now be disabled by setting environment variable
  `SPOTTER_INSECURE` to one of "1", "true", "True", "TRUE".
* New `spotter scan` switch `--include-vars` enables scanning Ansible variables.
* New validation of the API token and endpoint inputs (from CLI switches or env vars) by testing if
  the endpoint returns a positive response before saving them in the login file.

Steampunk Spotter CLI version 5.1.1, 2024-12-05
-----------------------------------------------
* Enabled running spotter scans for Ansible version 2.18.
* Fixed a "permission denied" error in spotter builder.

Steampunk Spotter CLI version 5.1.0, 2024-11-28
-----------------------------------------------
* The `spotter build` command now performs the EE build operation from the directory it was run
  from, which allows including files that the EE manifest is linking to.
* Fixed a `spotter build` error "'str' object has no attribute 'append'" that appeared for certain
  input files.

Steampunk Spotter CLI version 5.0.0, 2024-10-28
-----------------------------------------------
* The CLI now uses the system's default trust Certificate Authority (CA) store when checking the
  trust of the remote TLS server.
* New `spotter` switch `--cacert CACERT` allowing to specify a custom `CACERT` CA certificate store.
* New `spotter` switch `-k`/`--insecure` to instruct the HTTP client to trust any server's TLS
  certificate.

Steampunk Spotter CLI version 4.4.1, 2024-10-17
-----------------------------------------------
* Improved the YAML parsing error message that is displayed on the standard output.

Steampunk Spotter CLI version 4.4.0, 2024-10-09
-----------------------------------------------
* The scan operation now counts scanned files and skipped paths. Console output displays this
  information in the scan summary, and the CLI shares it with the back end.
* Scans running during an AAP execution collect and send information on the AAP job ID, inventory
  ID and project revision.
* The `spotter scan` switch `--origin` is now visible in the usage text.
* Entrypoint hook is considered as a scan originating from CI.

Steampunk Spotter CLI version 4.3.0, 2024-08-28
-----------------------------------------------
* New ability to read Ansible vars.
* CLI now prints file names for variables.
* Codebase is improved to provide:
  * Higher reliability.
  * Use of the up-to-date dependencies.
  * CI test matrix is now extended with newer pydantic library versions.
  * Formatting code is unified and much easier to develop with.
  * Certain class naming makes more sense.

Steampunk Spotter CLI version 4.2.0, 2024-07-24
-----------------------------------------------
* The `spotter scan` switch `--profile PROFILE` now accepts any valid profile name as `PROFILE`.
  This allows for scanning with the custom profiles available at the target project's organization.
* Fixed the issue where the CLI interpreted old-style requirements files as task lists.
* Fixed omitted `plugins` value in the `--import-payload` file.

Steampunk Spotter CLI version 4.1.0, 2024-07-17
-----------------------------------------------
* Scan input now includes all the relevant files in all subdirectories. This includes the
  files that may previously have been missed because CLI assumed a specific structure of the directories.
* New ability to recognize and include role specifications into the scan input.
* New `spotter scan` switch `--exclude-paths` directs the CLI to omit the specified directories
  and files from being scanned.
* New `spotter scan` switch `--no-ansible-version` allows the client to set the target ansible
  version to unknown.
* New ability of the `spotter scan` command to collect the locally installed Python packages.
  To prevent this information from being used in the payload, a new `--exclude-environment` switch
  is available.
* The CLI now also parses blocks in the input.
* Improved the speed of rewrites.
* Improved reporting of badly formatted YAML input.
* YAML inputs with the first non-commented-out line being equal to "---" are treated as YAML 1.1
  instead of 1.2.
* Scanning now includes the Ansible requirements files generated in a preceding rewrite action.

Steampunk Spotter CLI version 4.0.0, 2024-06-19
-----------------------------------------------
* New command `spotter build` which serves as a wrapper command for `ansible-builder build`. It
  produces an Ansible Execution Environment, which has the Steampunk Spotter client embedded.
* The `spotter scan` command now scans and gathers inputs that include:
  * Dynamic inventories.
  * Roles.
  * List of the Ansible Galaxy collections installed in the environment at the controller.
* The `spotter config get` command now transforms the input and displays it to be compatible with
  the `spotter config set` command.

Steampunk Spotter CLI version 3.3.0, 2024-03-13
-----------------------------------------------
* The YAML errors that the CLI encounters while reading local files now have the formatting unified
  with the regular check result output.

Steampunk Spotter CLI version 3.2.0, 2024-03-13
-----------------------------------------------
* New `spotter scan` switch `--sarif SARIF_FILE` enables output of scan reports in the OASIS Static
  Analysis Results Interchange Format (SARIF).
* Fixed the issue with serializing type ScalarBoolNo in some inputs.

Steampunk Spotter CLI version 3.1.1, 2024-01-29
-----------------------------------------------
* Fixed the use of `spotter scan --junit-xml XML_FILE` where the `XML_FILE` is a relative
  path.

Steampunk Spotter CLI version 3.1.0, 2024-01-16
-----------------------------------------------
* Spotter CLI is now tested to support Python 3.12.
* In the console output, Spotter CLI now displays an URL of the scan's Web App view, which to
  paying customers provides the GUI representation of the scan. This may be suppressed by
  using a new `spotter scan` switch `--no-scan-url`.
* Cleaner output on the standard output stream by redirecting all CLI warning messages, including
  deprecation notices, to the standard error stream.
* Scan outputs in JSON and YAML formats now include the organization ID of the project that the
  scanning took place in.
* Scan payload now includes information about the parameter value's types when the values are
  included in the payload.
* Improved the request handling by implementing a simple increasing back-off strategy for retries
  after client request failures.
* Improved the progress indication behavior by not showing any progress or showing errors when a
  nonexistent file is scanned.
* Improved efficiency of finding the version of Ansible, Ansible Core and Ansible Base (where
  applicable), reducing time needed to perform scans.
* Improved the process of rewriting by eliminating unnecessary looping through suggestions and
  resolving rewrite errors.
* File information in the metadata section of the scan payload now uses relative paths instead of
  the absolute ones.
* Replaced the deprecated `--api-token` CLI option with `--token` in the README documentation.

Steampunk Spotter CLI version 3.0.0, 2023-12-06
-----------------------------------------------
* Progress bar now shows an "in progress with an unknown total" animation. The progress bar is shown
  even while parsing the input before exporting the payload.
* `spotter --token` switch is now preferred over its `--api-token` equivalent.
* New environment variable `SPOTTER_TOKEN` is now supported on top of the existing
  `SPOTTER_API_TOKEN`.
* Removed the global parser metavar listing all commands as {a, b, c, d}.
* Reworded the console output to ensure that the sentence punctuation does not get included in the
  clicked URLs.
* Changes of the `spotter scan` command include removal of the following switches and options:
  * `--option/-o` flag.
  * `--format junit_xml` option.
  * `--include-values`.
  * `--include-metadata`.
* Instead of `spotter` commands `get-config`, `set-config` and `clear-config`, the new commands are
  now grouped as `config get`, `config set` and `config clear`, respectively.
* Similarly, instead of `spotter` commands `set-policies` and `clear-policies`, the new commands are
  `policies set` and `policies clear`, respectively.
* Scan payload now includes the CLI's version.
* New optional `spotter scan` switch `--origin ORIGIN` allows indicating the context of the scan.
  Currently supported `ORIGIN` values include 'cli', 'docker', 'ide',  and 'ci'.
* Payload's task details now also include `play_id`.
* Migrated the code to support module ruamel.yaml > 0.18 and Pydantic V2 features.
* Fixed an issue with running Spotter in an environment with module rich <= 12.0.0 installed.
* Fixed an issue with ruamel's changing the YAML version to 1.2.

Steampunk Spotter CLI version 2.6.0, 2023-11-22
-----------------------------------------------
* We have introduced a new naming, the Ansible Playbook Platform.
* Scanning against Ansible version 2.16 is now supported.
* The `spotter scan` switches `--upload-values` and `--upload-metadata` have been removed.
* New global switch `--timeout TIMEOUT` enables setting a custom HTTP client request time out in
  seconds.
* New console output displays where Spotter failed to apply suggestions.
* Fixed an issue where rewriting would fail for input containing `local_action` and the module name
  appears in the task's name.
* Switch `--no-color` is now preferred while `--no-colors` has been deprecated and is now hidden
  from help.
* Each CLI option description appears in the same row as options in help messages.
* The `--help/-h` message is capitalized for all commands.
* Usage message for all commands is capitalized.
* Short CLI options appear at the beginning of help messages as preferred ones.
* Command descriptions show up before command usage.
* Help and description texts are changed to talk of options and arguments instead of optional and
  positional arguments.
* The `spotter scan` command's `--ansible-version` now also has the short version `-a`.
* The `spotter scan` command's `--project-id` now has a better help description.
* The `DOCUMENTATION.md` file is removed in favour of the on-line documentation
  (https://spotter.steampunk.si/docs/).
* We have refactored the command code to employ reusable classes.

Steampunk Spotter CLI version 2.5.0, 2023-10-04
-----------------------------------------------
* Output sections are now marked (e.g., check results, scan summary).
* Output sections are now separated with newline delimiters.
* Each check is marked as rewritable in magenta color if it can be rewritten.
* Scan summary contains info about how many checks can be rewritten, shown in again in magenta
  color.
* Hyperlinks (URLs) are now displayed by default in cyan color.
* After rewrite, we show which checks were rewritten and which still remain.

Steampunk Spotter CLI version 2.4.0, 2023-09-06
-----------------------------------------------
* CLI now initiates an asynchronous scan process using the new v3/scans_async. It shows the progress
  using a visual progress bar that updates periodically until a full scan is received and check
  results are shown.
* New switch `spotter scan` switch `--no-progress` allows for disabling display of any progress
  bar.
* Fixed an issue where requirement rewrite suggestion would erase old requirements instead of
  appending new entries from suggestions.
* Integration tests now run in compatibility matrix.
* In CI/CD, we have scheduled "nightly" pipelines.

Steampunk Spotter CLI version 2.3.0, 2023-08-23
-----------------------------------------------
* Metadata and values are now collected and transmitted to back end by default. The user may opt
  out of this behavior using `--exclude-metadata` and `--exclude-values`, respectively.
* Using `--export-payload` without `--include-metadata` now produces the json, but prints a warning
  that the user cannot use it without `--include-metadata`.
* We deprecate `--format junit_xml` switch and make `--junit-xml` switch no longer deprecated.
  Exporting JUnitXML takes place on top of putting the scan check results to output.
* Fixed an error with rewriting plays that contain `always_run`.
* Fixed calling `colorama.init()` even when `--no-colors` is used.

Steampunk Spotter CLI version 2.2.0, 2023-08-09
-----------------------------------------------
* Check result subcodes are now displayed in the output for check results that include them.
* Using pydantic2 we've increased the code quality and reliability.
* Resolved minor problems with the `--skip-checks` and -`-enforce-checks` flags that did not work properly with the
  extended noqa pattern (event[fqcn=<fqcn>, subevent_code=<subevent_code>]).
* The noqa code now has to start with either E, H or W.
* Flags --skip-checks and --enforce-checks can be applied multiple times, and the inputs are then concatenated to a
  list.
* Error messages related to client errors (not scan check results at error level) are now unified
  by being displayed as "Error: ..." and all directed to standard error stream.
* Code is reorganized to expose internal functionality as a library of modules, providing a clean separation from the
  command-line parameter handling to actual performing of scans and communications with the back end.
* The code coverage is increased by adding new unit tests. Several improvements resulted from that change.
* Having different integration tests makes sure that all CLI commands are still runnable after any
  code changes.
* The `pyproject.toml` package configuration is now supported and now also includes all linter
  configurations.
* Developers can now use `dev.sh` script for local testing and development.
* `black` tool is now used for formatting code.
* The test matrix image now uses registry caching.
* Ansible commands (e.g., `ansible --version`, `ansible-galaxy`, `ansible-config`) for environment
  discovery will be run concurrently if possible.

Steampunk Spotter CLI version 2.1.0, 2023-07-12
-----------------------------------------------
* Filtering (skipping) check results is now possible to apply at individual task level by adding
  YAML comments containing, e.g.:
  # noqa: H500
  # noqa: H1900[fqcn=community.crypto.x509_certificate]
  # noqa: event[fqcn=<fqcn>, subevent_code=<subevent_code>]
* New commands `set-config`, `get-config` and `clear-config` for, respectively, pushing an
  organization-level (applied at the App) configuration, getting and displaying the current
  configuration, or clearing the current configuration. This configuration specifies
  organization-level default values for: Ansible version, display level, profile, and a list of
  check results that are skipped or enforced at an organization level.
* Code quality of Spotter CLI is now further strengthened by using scans with the bandit tool in
  CI/CD.
* Documentation files are now rearranged such that README.md now contains a short introduction
  to Spotter CLI (quickstart), while DOCUMENTATION.md contains the whole usage manual.
* Ensured the use of YAML version 1.1 to match it with the version used by Ansible.
* Fixed parsing of timestamps, which from now on are treated as strings.
* Fixed the "Applying suggestion failed: could not find string to replace" error when using the
  rewrite functionality.
* CLI now uses the "ruamel.yaml" library for parsing YAML files. This is a significant change,
  represented by an increase in the minor version number.

Steampunk Spotter CLI version 2.0.3, 2023-06-28
-----------------------------------------------
* A usability improvement: some command line switch combinations previously resulted in a warning
  and an interactive prompt, where a user was given a choice to continue or break execution. The
  new behavior now results in an error (non-zero) return value along with a description printed
  in console.

Steampunk Spotter CLI version 2.0.2, 2023-06-21
-----------------------------------------------
* Fixed an issue with `scan --ansible-version`.

Steampunk Spotter CLI version 2.0.1, 2023-06-14
-----------------------------------------------
* New `spotter scan --enforce-checks` switch indicates that the corresponding checks need to be
  run regardless of the selected scan profile.
* Configuration of check results to be skipped or enforced can be set permanently in the user's
  workspace in the project config file (.spotter.json) or a configuration file supplied using
  the `--config` switch.
* Scanning now includes the `rescue` and `always` sections from Ansible blocks.
* CLI now warns the user that an empty authentication token, project id or organization id.
* Fixed a rewrite error "local variable 'length_diff' referenced before assignment"
* Fixed error messages in console for 402, 403 or 404 when setting or clearing policies.

Steampunk Spotter CLI version 2.0.0, 2023-05-31
-----------------------------------------------
* New switch `--debug` enables printing out a diagonstics output that shows details on the remote
  endpoint, the user that the request is made on behalf of, organization and project information.

Steampunk Spotter CLI version 1.2.8, 2023-05-11
-----------------------------------------------
* New profile "security" enabled.

Steampunk Spotter CLI version 1.2.7, 2023-05-10
-----------------------------------------------
* New `spotter scan` switch `--skip-checks` accepts a list of check result codes that Spotter will
  then skip when performing a scan.
* It is now possible to scan tasks containing `!vault` or `!unsafe` definitions without causing
  parsing errors.
* Tasks without names are now included in scans.
* Default limit of returned suggestions is now raised to 50.
* The `spotter scan --display-level` no longer accepts the option `success`.
* Fixed bugs in scan rewrites that were failing with errors.

Steampunk Spotter CLI version 1.2.6, 2023-04-26
-----------------------------------------------
* New command `spotter logout` to clear the login credentials of the current endpoint.
* `spotter login` performs a verification against the backend before storing the credentials to the
  local store.
* New support for rewriting module names into fully-qualified collection names after the module's
  FQCN changed.
* Fixed crashes of `spotter scan` when the input contains playbooks with broken blocks, playbooks
  or task files with empty tasks.
* Fixed the display of the commands in help that properly uses kebab case. It also refers to them
  as sub-commands instead of naming them positional arguments.

Steampunk Spotter CLI version 1.2.5, 2023-04-12
-----------------------------------------------
* README, package description now uses the "Ansible Playbook Scanning Tool" instead of "Assisted
  Automation Writing tool" tagline.
* `spotter scan` output includes the result level (`ERROR`, `WARNING` or `HINT`) of each check
  result.
* `spotter scan --rewrite` is now able to automatically rewrite Ansible inline syntax such as those
  in https://gitlab.com/xlab-steampunk/steampunk-spotter-client/spotter-cli/-/tree/main/tests/data/rewriting/input
* `spotter scan --rewrite` is now able to automatically rewrite tasks that use `action` and
  `local_action` syntax with no problems, even when they contain Ansible inline syntax.
* The output now displays result level along with the filename and check result code, e.g.:
  `playbook.yml:42:7: HINT: [H1900] Required collection sensu.sensu_go is missing ...`

**Enterprise plan only:**

* New command `spotter set-policies` lets the users register one or multiple Rego Language for Open
  Policy Agent (OPA) policies. They can be set to a project or a whole organization. These policies
  will be used in any subsequent scans.
* New command `spotter clear-policies` clears the policies previously set in the target project or
  organization.

Steampunk Spotter CLI version 1.2.4, 2023-04-07
-----------------------------------------------
* Fixed an issue where scanning a role that had multiple tasks subdirectories would only include
  last directory's contents. Now, all the playbooks and taskfiles in the whole subtree are scanned.

Steampunk Spotter CLI version 1.2.3, 2023-04-03
-----------------------------------------------
* Introduction of client support for scan profiles using the `scan --profile [ default | full ]`
  switch.
* The scan output now shows the code of the check result, e.g.:
  `playbook.yml:42:7: [H1900] Required collection sensu.sensu_go is missing ...`

Steampunk Spotter CLI version 1.2.2, 2023-03-29
-----------------------------------------------
* New global switch `--endpoint` sets the http API endpoint that the client should use.
* Log in credentials now only get persisted when using `spotter login`. Other commands don't persist
  transient credentials any more.
* New parameter switch `--ansible-version VERSION` accepts the target version of Ansible to scan
  against. The value provided with this switch is now validated and allows versions `2.0`, `2.1`,
  ... `2.15`. At the same time, `--option ansible_version=VERSION` doesn't work any more.
* Changes of the `scan` command's include:
  * `--include-values` and `--include-metadata` are replacing the now deprecated,
  respectively, `--upload-values` and `--upload-metadata` switches.
  * `--parse-values` no longer works.
  * `--project-id`'s short version is now `-p` instead of `-t`.
* Fixed the bug that cleared the stored login credentials for all endpoints and replaced it with
  the newly supplied API token when scanning with `-t`.
* Fixed the bug that put to output:
  `Warning: nonexistent check result type: , valid values are: \['task', 'play', 'requirements', 'ansible_cfg', 'other'\]`

Developer notes:
* Added to CI matrix testing of versions of Python vs. versions of Ansible.
