v0.11.0

Changelog

• 2faec1c: chore(license): restore Apache-2.0 LICENSE to verbatim canonical template (@yuchou87)
• 842e074: chore(makefile): output binary to bin/, add bin/ to .gitignore (#63) (@yuchou87)
• 60b78ae: chore(release): prepare v0.11.0 changelog (@yuchou87)
• 0269f31: docs(NOTICE): correct 2 license errors + soften "viewed" claims to "embedded or derived" (@yuchou87)
• d81b2a2: docs(NOTICE): expand EvoMaster section to enumerate all 6 concept-level references (@yuchou87)
• 52a9104: docs(gen): document --force, --annotation-batch, dedup, and hurl headers (#72) (@yuchou87)
• 0d3ee23: feat(config): validate AI config fields on load (#66) (@yuchou87)
• 768ace4: feat(doctor): add AWS Bedrock credential and region checks (@yuchou87)
• 1531e7c: feat(gen): batch LLM annotation with --annotation-batch flag (#70) (@yuchou87)
• 84715b9: feat(gen): rate-limit backoff, English labels, case_name field, spec-hash dedup (#69) (@yuchou87)
• 0d1bc25: feat(onboard): redesign wizard — provider sub-prompts, MCP/skill multi-select, home-dir config (#64) (@yuchou87)
• 496707d: feat(render): path-first filenames for test case output files (#67) (@yuchou87)
• 5bff8c5: feat: AWS Bedrock provider support (#61) (@yuchou87)
• 7409805: fix(deps): bump google.golang.org/grpc to v1.80.0 for GHSA-p77j-4mvh-x3m3 (@yuchou87)
• 566dac5: fix(gen): route warn lines through TUI instead of raw stderr (#65) (@yuchou87)
• 39cf4d4: fix(test): make no-provider tests robust against real ~/.caseforge.yaml (#71) (@yuchou87)
• a92a0ea: fix(tui): show annotation progress during LLM pre-pass (#68) (@yuchou87)

v0.10.2

Changelog

• 3344f43: fix(doctor): AI disabled warning only when all provider keys missing (@yuchou87)
• 327ddfd: fix(doctor): remove stale tree-sitter CLI check (@yuchou87)
• b091f1c: fix(doctor): remove stale tree-sitter CLI check (#60) (@yuchou87)
• cea6fa3: test(acceptance): update AT-044 to reflect removed tree-sitter check (@yuchou87)

v0.10.1

Bug Fixes

Documentation & CLI accuracy fix (#59)

• Fixed allTechniqueNames shell-completion list — 3 stale entries did not match the actual Name() values used by --technique at runtime, causing --technique idempotent, --technique examples, and --technique chain to silently match nothing
  • idempotent → idempotency
  • examples → example_extraction
  • chain → chain_crud
• Updated README techniques table to reflect correct --technique flag values
• Updated SKILL.md with correct technique names, added missing owasp_api_top10_spec, schema_violation, variable_irrelevance entries, and --save-history filename

Upgrade

brew upgrade caseforge
# or
go install github.com/testmind-hq/caseforge@latest

v0.10.0

What's New

Paper-inspired API Testing Techniques (#58)

• --auth-bootstrap — Prepends an auth setup step to all secured-endpoint cases so every technique works out of the box against authenticated APIs
• Run failure classification — Failed cases are automatically tagged server_error / missing_validation / auth_failure / security_regression
• score --fill-gaps — Detects operations missing 2xx or 4xx coverage and auto-generates cases to close the gaps
• --with-oracles — Two-step OC (Observation-Confirmation) LLM prompting mines response body constraints and injects them as assertions
• business_rule_violation technique — Generates negative cases from LLM-annotated implicit business rules
• chain_sequence technique — Detects non-CRUD producer-consumer chains via Jaccard field-name similarity
• caseforge conformance — Mines oracle constraints and reports spec-vs-implementation mismatches against a live API

Portman/Microcks-inspired Techniques (#57)

• Semantic annotation, field boundary, HAR import, conformance CI gate

CATS-inspired Fuzzing (#56)

• Type coercion, unicode fuzzing, mass assignment, IDOR, explore extensions, pattern datagen

Schemathesis-inspired Features (#55)

• Operation filtering, response schema validation, constraint_mutation, coverage scenarios, max-failures, rule dedup

EvoMaster-inspired Dynamic Testing (#54)

• Dynamic API exploration enhancements

RESTler-inspired Dependency Graph & Chains (#53)

• Dependency graph, chain technique, mutation, auth-chain, BFS chain command

Tcases-inspired Techniques (#52)

• Six new test generation techniques

Upgrade

brew upgrade caseforge
# or
go install github.com/testmind-hq/caseforge@latest

v0.9.0

New Features

Webhook Push Notifications

Configure on_generate / on_run_complete webhooks in .caseforge.yaml to receive real-time events as cases are generated. Supports HMAC-SHA256 request signing, configurable timeouts, and exponential backoff retry.

webhooks:
  - url: https://hooks.example.com/caseforge
    events: [on_generate, on_run_complete]
    secret: your-hmac-secret
    max_retries: 3

Test Case Scoring (caseforge score)

Multi-dimensional quality scoring of generated test cases: technique coverage, methodology distribution, priority balance, and OWASP coverage.

caseforge score --cases ./cases
caseforge score --cases ./cases --format json

TUI Progress & Checkpoint Resume

Live operation progress list during gen. Interrupted runs can be resumed from where they left off:

caseforge gen --spec openapi.yaml --resume

New Techniques

classification_tree (MBT Classification Tree) and orthogonal_array added to --technique.

CLI Commands

• caseforge watch — watch a spec file and regenerate on change
• caseforge stats — show test case statistics
• caseforge ci init — generate CI workflow configs (GitHub Actions, GitLab CI, Jenkins, shell)

MCP Tools

lint_spec and ask_test_cases tools now exposed via the MCP server.

DEA Edge Case Hypotheses

Array constraint, required query parameter, and format violation probes added to dynamic API exploration.

Improvements

gotreesitter Migration (RBT)

The Risk-Based Testing engine no longer requires the external tree-sitter binary. Route extraction and callgraph analysis now use the embedded github.com/odvcencio/gotreesitter pure-Go library — no PATH dependency, tests run hermetically.

Score Bug Fix

caseforge score now groups operations by CaseSource.SpecPath (canonical METHOD /path) instead of Steps[0].Path. OWASP attack-injected step paths no longer inflate the operation count.

Documentation

• All 23 commands documented with complete flag reference
• Webhook configuration section with event table and HMAC signing note
• Techniques table corrected (owasp_api_top10, example_extraction added)
• Chinese README (README.zh-CN.md) fully synced
• skills/caseforge/SKILL.md updated with common workflow examples

v0.8.0

Changelog

• 8dc2582: Initial commit (yuchou 47242699+yuchou87@users.noreply.github.com)
• cc15b50: Revert "feat: Phase 2 — chain cases, TUI, CSV, event bus, URL encoding, repor…" (#3) (yuchou 47242699+yuchou87@users.noreply.github.com)
• 71fdc0c: Update .gitignore (yuchou 47242699+yuchou87@users.noreply.github.com)
• 8f18835: feat(PH2-15): example extraction & validation — extract OpenAPI examples, validate, generate test cases (#34) (yuchou 47242699+yuchou87@users.noreply.github.com)
• dc15905: feat(cmd): add caseforge onboard interactive setup wizard (#14) (yuchou 47242699+yuchou87@users.noreply.github.com)
• 2d72efa: feat(datagen): semantic field inference + cross-field consistency (PH2-10, PH2-11) (#32) (yuchou 47242699+yuchou87@users.noreply.github.com)
• f7026f2: feat(dea): Dynamic Exploration Agent — hypothesis tree + implicit rule inference (#15) (yuchou 47242699+yuchou87@users.noreply.github.com)
• 69c7ac4: feat(dedupe): duplicate test case detection and reporting (#17) (yuchou 47242699+yuchou87@users.noreply.github.com)
• ca041d5: feat(diff): 3.3 diff --gen-cases — auto-generate test cases for breaking operations (#33) (yuchou 47242699+yuchou87@users.noreply.github.com)
• 7224f02: feat(export): 3.2 caseforge export — Allure, Xray, TestRail adapters (#31) (yuchou 47242699+yuchou87@users.noreply.github.com)
• 40b432c: feat(gen): add --technique, --priority, --operations, --concurrency flags (P1-1~P1-4) (#24) (yuchou 47242699+yuchou87@users.noreply.github.com)
• af0a98c: feat(hurl,cli): Appendix B structured comments + exit codes 3 & 4 (P1-14, P1-15, P1-16) (#27) (yuchou 47242699+yuchou87@users.noreply.github.com)
• 419eca1: feat(lint): lint enhancement — 9 new rules, --format json, --output, --skip-rules, .caseforgelint.yaml (#19) (yuchou 47242699+yuchou87@users.noreply.github.com)
• 0a39c11: feat(output): index.json metadata fields and assertion operators (1.2 + 1.3) (#25) (yuchou 47242699+yuchou87@users.noreply.github.com)
• b33e656: feat(rbt): --generate auto-generates test cases for HIGH-risk operations (2.2) (#28) (yuchou 47242699+yuchou87@users.noreply.github.com)
• c745636: feat(rbt): 2.3 complete Embed Phase — cosine similarity → RouteMapping (#29) (yuchou 47242699+yuchou87@users.noreply.github.com)
• 481652a: feat(rbt): LLM parser improvements — concurrency, spec candidates, content cache (#26) (yuchou 47242699+yuchou87@users.noreply.github.com)
• e0c24c0: feat(rbt): RBT V2 — BuildCallGraph for service/DAO/utils file tracing (#20) (yuchou 47242699+yuchou87@users.noreply.github.com)
• e494644: feat(rbt): RBT V3 — Go type-aware call graph via RTA/PTA (#21) (yuchou 47242699+yuchou87@users.noreply.github.com)
• e1f5cca: feat(rbt): Risk-Based Testing — git diff → API coverage gap report (#16) (yuchou 47242699+yuchou87@users.noreply.github.com)
• 6d8c62f: feat(rbt): replace deprecated go/pointer (PTA) with VTA for Go 1.26 compatibility (#23) (yuchou 47242699+yuchou87@users.noreply.github.com)
• 63ace0c: feat(render): complete assertion operator rendering — matches, is_iso8601, is_uuid, gt (#38) (yuchou 47242699+yuchou87@users.noreply.github.com)
• 5d17518: feat(run): add --target and --output flags to close the gen→run loop (#18) (yuchou 47242699+yuchou87@users.noreply.github.com)
• 0bad36c: feat(suite): TestSuite cross-case DAG orchestration (PH2-13) (#35) (yuchou 47242699+yuchou87@users.noreply.github.com)
• 930c8e6: feat: Phase 2 — chain cases, TUI, CSV, event bus, URL encoding, report parsing (#2) (yuchou 47242699+yuchou87@users.noreply.github.com)
• a50ccaa: feat: Phase 2 — chain cases, TUI, CSV, event bus, URL encoding, report parsing (#4) (yuchou 47242699+yuchou87@users.noreply.github.com)
• 2f3e3f5: feat: Phase 3 — OWASP security testing, full lint rules, Postman renderer, spec diff (#5) (yuchou 47242699+yuchou87@users.noreply.github.com)
• 7a2c91c: feat: Phase 4 — k6 renderer and caseforge run enhancement (#6) (yuchou 47242699+yuchou87@users.noreply.github.com)
• 07aaa7e: feat: Phase 5 — MCP Sampling mode (caseforge mcp command) (#8) (yuchou 47242699+yuchou87@users.noreply.github.com)
• 1def10c: feat: add MarkdownRenderer (P1) and CSVRenderer stub (P2) (yuchou87 yuchou87@gmail.com)
• 4cc885e: feat: add NoopProvider and AnthropicProvider with factory (yuchou87 yuchou87@gmail.com)
• e1c3e1d: feat: add all CLI command stubs (doctor, init, lint, run, pairwise, fake) (yuchou87 yuchou87@gmail.com)
• b5c2a69: feat: add basic and schema assertion generators (yuchou87 yuchou87@gmail.com)
• c30178c: feat: add cobra root command and viper config loading (yuchou87 yuchou87@gmail.com)
• 3fd67fb: feat: add event stubs, wire pairwise/fake commands, add SKILL.md (yuchou87 yuchou87@gmail.com)
• ed2fa5d: feat: add gen command stub — binary now compiles and runs (yuchou87 yuchou87@gmail.com)
• f05d04b: feat: add testdata and end-to-end integration tests (yuchou87 yuchou87@gmail.com)
• 7d174fc: feat: define all core interfaces (SpecLoader, LLMProvider, Technique, Renderer, SchemaWriter) (yuchou87 yuchou87@gmail.com)
• 6313a46: feat: implement 3-tier data generation (format/fieldname/type fallback) (yuchou87 yuchou87@gmail.com)
• 764d4b9: feat: implement HurlRenderer (P0) with technique annotations (yuchou87 yuchou87@gmail.com)
• b865a79: feat: implement Pairwise IPOG algorithm and technique (yuchou87 yuchou87@gmail.com)
• 45a6c7a: feat: implement SchemaWriter (index.json read/write) (yuchou87 yuchou87@gmail.com)
• 3230037: feat: implement SpecLoader with LocalLoader and URLLoader (kin-openapi) (yuchou87 yuchou87@gmail.com)
• 4abd333: feat: implement boundary value, decision table, state machine, idempotency techniques (yuchou87 yuchou87@gmail.com)
• 6794648: feat: implement equivalence partitioning technique (yuchou87 yuchou87@gmail.com)
• 042135a: feat: implement lint command with structured issue output (yuchou87 yuchou87@gmail.com)
• 457dae8: feat: implement lint rules L001–L006 (P0: L004/L005/L006 errors; P1: L001/L002/L003 warnings) (yuchou87 yuchou87@gmail.com)
• e695fde: feat: implement run command (delegates to hurl binary) (yuchou87 yuchou87@gmail.com)
• e9ce34f: feat: initialize Go module and create project skeleton (yuchou87 yuchou87@gmail.com)
• 445bb65: feat: multi-provider LLM support (OpenAI, Gemini, DeepSeek/openai-compat) (#9) (yuchou 47242699+yuchou87@users.noreply.github.com)
• 218ef75: feat: wire all techniques into methodology Engine with LLM semantic annotation (yuchou87 yuchou87@gmail.com)
• 61069ec: feat: wire gen command with real spec loader, methodology engine, and Hurl renderer (yuchou87 yuchou87@gmail.com)
• 8621f93: fix(rbt): align V3 --depth semantics with V2 (R-8) (#30) (yuchou 47242699+yuchou87@users.noreply.github.com)
• d0c275f: fix(rbt): wire real LLM provider to LLMParser (R-1/R-2/R-3) (#37) (yuchou 47242699+yuchou87@users.noreply.github.com)
• da55b6e: fix: IPOG key uniqueness, add decision/state/idempotency tests, minor cleanups (yuchou87 yuchou87@gmail.com)
• b26e56f: fix: SchemaWriter — named IndexSchemaURL constant, wrap WriteFile error (yuchou87 yuchou87@gmail.com)
• 4c21009: fix: consolidate buildValidBody, remove dead suffix param, boundary source assertions, hurl error handling/determinism (yuchou87 yuchou87@gmail.com)
• c5acb54: fix: engine annotation dead error return, IPOG single-param guard, annotation test coverage (yuchou87 yuchou87@gmail.com)
• e3fd090: fix: gen format flag uses Changed(), lint propagates config error, test cleanup (yuchou87 yuchou87@gmail.com)
• 68f1468: fix: methodology spec issues — pairwise applies consistency, decision boolean handling, LLM JSON fence stripping (yuchou87 yuchou87@gmail.com)
• 65bb408: fix: nil-typed-interface Body in buildTestCase causing spurious null body in Hurl output (yuchou87 yuchou87@gmail.com)
• ea07941: fix: restore ask, config show, completion commands lost in main rebuild (yuc...

v0.7.0

Changelog

• 73843ca: Initial commit (yuchou 47242699+yuchou87@users.noreply.github.com)
• c1d6101: Revert "feat: Phase 2 — chain cases, TUI, CSV, event bus, URL encoding, repor…" (#3) (yuchou 47242699+yuchou87@users.noreply.github.com)
• 92b2226: Update .gitignore (yuchou 47242699+yuchou87@users.noreply.github.com)
• 81380c4: feat: Phase 2 — chain cases, TUI, CSV, event bus, URL encoding, report parsing (#2) (yuchou 47242699+yuchou87@users.noreply.github.com)
• c7e20ac: feat: Phase 2 — chain cases, TUI, CSV, event bus, URL encoding, report parsing (#4) (yuchou 47242699+yuchou87@users.noreply.github.com)
• c9b9a1f: feat: Phase 3 — OWASP security testing, full lint rules, Postman renderer, spec diff (#5) (yuchou 47242699+yuchou87@users.noreply.github.com)
• 9e7303a: feat: Phase 4 — k6 renderer and caseforge run enhancement (#6) (yuchou 47242699+yuchou87@users.noreply.github.com)
• 667a8f0: feat: Phase 5 — MCP Sampling mode (caseforge mcp command) (#8) (yuchou 47242699+yuchou87@users.noreply.github.com)
• e4acce9: feat: add MarkdownRenderer (P1) and CSVRenderer stub (P2) (yuchou87 yuchou87@gmail.com)
• 387d40c: feat: add NoopProvider and AnthropicProvider with factory (yuchou87 yuchou87@gmail.com)
• 88d4aec: feat: add all CLI command stubs (doctor, init, lint, run, pairwise, fake) (yuchou87 yuchou87@gmail.com)
• 92e071d: feat: add basic and schema assertion generators (yuchou87 yuchou87@gmail.com)
• 5c680cb: feat: add cobra root command and viper config loading (yuchou87 yuchou87@gmail.com)
• 8da937d: feat: add event stubs, wire pairwise/fake commands, add SKILL.md (yuchou87 yuchou87@gmail.com)
• 5ea54a9: feat: add gen command stub — binary now compiles and runs (yuchou87 yuchou87@gmail.com)
• a65dc3f: feat: add testdata and end-to-end integration tests (yuchou87 yuchou87@gmail.com)
• ad74836: feat: define all core interfaces (SpecLoader, LLMProvider, Technique, Renderer, SchemaWriter) (yuchou87 yuchou87@gmail.com)
• 87a0bf0: feat: implement 3-tier data generation (format/fieldname/type fallback) (yuchou87 yuchou87@gmail.com)
• 9326871: feat: implement HurlRenderer (P0) with technique annotations (yuchou87 yuchou87@gmail.com)
• 595cb87: feat: implement Pairwise IPOG algorithm and technique (yuchou87 yuchou87@gmail.com)
• 899f528: feat: implement SchemaWriter (index.json read/write) (yuchou87 yuchou87@gmail.com)
• a242bae: feat: implement SpecLoader with LocalLoader and URLLoader (kin-openapi) (yuchou87 yuchou87@gmail.com)
• 45bf07d: feat: implement boundary value, decision table, state machine, idempotency techniques (yuchou87 yuchou87@gmail.com)
• 9ce86a1: feat: implement equivalence partitioning technique (yuchou87 yuchou87@gmail.com)
• ce21e84: feat: implement lint command with structured issue output (yuchou87 yuchou87@gmail.com)
• 88a131b: feat: implement lint rules L001–L006 (P0: L004/L005/L006 errors; P1: L001/L002/L003 warnings) (yuchou87 yuchou87@gmail.com)
• fd61781: feat: implement run command (delegates to hurl binary) (yuchou87 yuchou87@gmail.com)
• d7ec74d: feat: initialize Go module and create project skeleton (yuchou87 yuchou87@gmail.com)
• 24df1bb: feat: multi-provider LLM support (OpenAI, Gemini, DeepSeek/openai-compat) (#9) (yuchou 47242699+yuchou87@users.noreply.github.com)
• 54aa96e: feat: wire all techniques into methodology Engine with LLM semantic annotation (yuchou87 yuchou87@gmail.com)
• 8faf572: feat: wire gen command with real spec loader, methodology engine, and Hurl renderer (yuchou87 yuchou87@gmail.com)
• 9921f2c: fix: IPOG key uniqueness, add decision/state/idempotency tests, minor cleanups (yuchou87 yuchou87@gmail.com)
• 7fb41c3: fix: SchemaWriter — named IndexSchemaURL constant, wrap WriteFile error (yuchou87 yuchou87@gmail.com)
• e68d36c: fix: consolidate buildValidBody, remove dead suffix param, boundary source assertions, hurl error handling/determinism (yuchou87 yuchou87@gmail.com)
• f6e7965: fix: engine annotation dead error return, IPOG single-param guard, annotation test coverage (yuchou87 yuchou87@gmail.com)
• bae68cc: fix: gen format flag uses Changed(), lint propagates config error, test cleanup (yuchou87 yuchou87@gmail.com)
• 410f55e: fix: methodology spec issues — pairwise applies consistency, decision boolean handling, LLM JSON fence stripping (yuchou87 yuchou87@gmail.com)
• 12e696a: fix: nil-typed-interface Body in buildTestCase causing spurious null body in Hurl output (yuchou87 yuchou87@gmail.com)
• 3fd233e: fix: restore config layering in gen command, add runner tests (yuchou87 yuchou87@gmail.com)
• d99017c: fix: review feedback — HEAD null body, interface guards, stale help text, unused params (#7) (yuchou 47242699+yuchou87@users.noreply.github.com)
• 08ad5ef: fix: use os.Getenv for ANTHROPIC_API_KEY and HOME config path (yuchou87 yuchou87@gmail.com)