github boecht/birre v4.0.0
Release 4.0.0

[4.0.0] - 2025-11-19

Changed

  • Breaking: Require Python 3.13+ to unlock simplified async handling, improved asyncio reliability,
    and enhanced type inference
  • TOP: Reduce CLI and diagnostics codebase by over 3,200 lines through systematic removal of duplicate helpers
    and obsolete delegation layers for faster startup and lower memory usage
  • TOP: Improve interactive search for risk managers with parent company enrichment, rating color details,
    subscription state, and folder membership to support informed bulk operations
  • Standardize test selection flags (--offline, --online-only) across CLI, docs, and workflows for consistent usage
  • Replace mypy with pyright for type checking to simplify CI setup and improve type inference across toolchain
  • Consolidate subscription helpers (automatic folder creation, dry-run previews, audit summaries)
    across manage_subscriptions and request_company for safer workflows
  • Enhance async/sync bridge with proper event loop lifecycle management to eliminate race conditions and improve robustness
  • Improve Windows/macOS/Linux parity with cross-platform test matrix running under Python 3.13

Added

  • TOP: Add bulk company request workflow accepting CSV domain lists (1–255 entries)
    with automatic deduplication via BitSight company search, multipart CSV submission to v2 bulk API,
    and structured reporting of submitted/existing/failed domains
  • TOP: Add offline selftest replay samples enabling diagnostics to run without network connectivity
    by replaying recorded BitSight responses
  • Add automatic folder resolution and creation for subscription management and company request workflows
    with timestamped audit metadata
  • Add property-based testing (Hypothesis) to detect edge cases automatically in rating and findings logic
  • Add performance benchmarks (pytest-benchmark) for critical paths to track regressions over time
  • Add complexity checking (mccabe) to enforce maximum function complexity threshold and surface refactor candidates
  • Add dependency review, Scorecard, and Codecov workflows for safer dependencies and coverage transparency
  • Add MegaLinter local runner with pre-commit hooks for comprehensive linting before pushing
  • Add clear contribution guidelines and code of conduct for community engagement

Removed

  • Remove dry-run shortcuts from diagnostics so production selftests execute real API calls for authentic validation
  • Remove thousands of lines of duplicate and obsolete CLI/diagnostic helper code to lower memory usage and improve performance

Fixed

  • Fix configuration validation to use equality comparison instead of identity for reliable parameter source detection
    across enums and choices
  • Fix interactive search 403 errors by creating required ephemeral subscriptions before fetching company details
  • Fix background task handling to keep tasks alive during sync bridge tests, preventing premature cancellation issues
  • Fix event loop closed errors during server startup
  • Fix Windows path and whitespace normalization in CLI tests to avoid spurious failures across platforms

Security

  • Sign every release artifact with Sigstore, publish SBOMs, and enforce GitHub dependency review throughout release pipeline
  • Apply StepSecurity automated best practices to harden GitHub Actions workflows
  • Add Dependency Review Action to block introduction of known vulnerable packages before merge
  • Add OpenSSF Scorecard supply-chain security analysis for continuous security posture monitoring
  • Add Python 3.14 to CI cross-platform matrix to validate forward compatibility
  • Maintain reproducible and verifiable CI by pinning critical GitHub Actions versions for stability
  • Expand automated code scanning (CodeQL) coverage for earlier vulnerability detection
  • Harden release workflow with strict version validation and sanitized tag extraction to prevent command injection
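
One way to implement the last item above (strict version validation and sanitized tag extraction), as an added example that is not taken from birre's workflows: the function names, the vX.Y.Z tag pattern and the sample refs are assumptions. In a GitHub Actions step the ref should reach the script through an environment variable such as GITHUB_REF rather than being interpolated into the script text.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not birre's own code.
# Assumption: release tags look like vX.Y.Z with an optional -prerelease part.

# extract_tag REF: print the bare version, or fail without echoing the input.
extract_tag() (
  LC_ALL=C; export LC_ALL   # byte-wise ranges, so A-Z means ASCII only
  ref=$1
  case $ref in
    refs/tags/v*) version=${ref#refs/tags/v} ;;
    *) echo "reject: not a version tag ref" >&2; exit 1 ;;
  esac
  # Allow-list the character set first. This also rejects newlines, which a
  # line-oriented grep would otherwise let through one matching line at a time.
  case $version in
    ''|*[!0-9A-Za-z.-]*) echo "reject: illegal character in tag" >&2; exit 1 ;;
  esac
  # Then require the exact shape, anchored at both ends.
  printf '%s\n' "$version" |
    grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z]+(\.[0-9A-Za-z]+)*)?$' ||
    { echo "reject: tag is not a strict version" >&2; exit 1; }
  printf '%s\n' "$version"
)

# check_release REF PACKAGE_VERSION: the tag must equal the packaged version.
check_release() (
  version=$(extract_tag "$1") || exit 1
  [ "$version" = "$2" ] || { echo "reject: tag/package mismatch" >&2; exit 1; }
  printf '%s\n' "$version"
)

# Constructed sample refs, for demonstration only.
for ref in 'refs/tags/v4.0.0' 'refs/tags/v4.0.0;echo x' 'refs/heads/main'; do
  if v=$(extract_tag "$ref" 2>/dev/null); then
    echo "accept: $v"
  else
    echo "reject"
  fi
done
```

Later steps should use only the value printed by extract_tag, never the raw ref.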
