v0.1.0-beta.5

Added

• Reporting feature with filters for standard and risk level.
• New tag controls fields in remediations.

Improved

• Enhanced the prompt for better usability and clarity.
• Separated the type field for STRIDE to improve clarity and maintainability.

v0.1.0-beta.4

Changes

• Fix real-time risk calculation updates in Analysis component
• Implement 1 decimal place formatting for risk values (was showing 2 decimals)
• Create centralized risk calculation utilities in utils/riskCalculations.js
• Extract textarea helpers to utils/textareaHelpers.js for reusability
• Add RiskDisplay component for consistent risk value presentation
• Add ResidualRiskSelector component with invisible overlay approach
• Remove duplicate functions: createCurrentRiskDisplay, createResidualRiskSelector
• Consolidate getRiskValue functions into generic implementation
• Clean up unused variables and imports (expandedSections, toggleSection, ThreatCard)
• Translate all Spanish comments to English for professional standards
• Add ESLint suppressions for appropriate edge cases
• Maintain backward compatibility with existing API structure
• All 79 frontend tests passing successfully

Technical improvements:

• Better state management with direct React state references
• Modular component architecture with separated concerns
• Consistent 1-decimal OWASP risk formatting: (Likelihood + Impact) / 2
• Eliminated ~200 lines of redundant code from Analysis.jsx
• Enhanced maintainability and code readability

v0.1.0-beta.3

Changes

• Refined prompt: adjusted structure and configuration to achieve more accurate and reliable results.

v0.1.0-beta.2

Changes

• Fix in docker-compose: improved the structure and configuration of services.
• Fix in start.sh: the script now fails explicitly if containers did not start correctly.
• Added alembic.ini: versioned configuration file for managing migrations with Alembic.

v0.1.0-beta.1

v0.1.0-beta.1

🚀 Added

• First beta release of Tzu.
• Preliminary threat identification using STRIDE (with compliance factors).
• STRIDE – OWASP Risk Rating matrix for threat prioritization.
• Consideration of OWASP ASVS/MASVS for security requirements and controls.
• Automatic report generation in PDF.
• Initial architecture:
  • Frontend: React (SPA).
  • Backend: Python + FastAPI.
  • Database: PostgreSQL.
  • AI Integration: OpenAI and Anthropic.
  • Deployment: Docker.

🧭 Roadmap

• Dashboards with risk metrics and threat evolution.
• Additional export options (Excel and JSON).
• Integration with open source tools.
• Collaborative and multi-user functionality.

⚠️ Known Limitations

• Automated analysis is preliminary and requires expert validation.
• LLM-based analysis may generate false positives/negatives.

---

“Victorious warriors win first and then go to war; defeated warriors go to war first and then seek to win.” — Sun Tzu