github manuelschipper/nah v0.8.3

5 hours ago

Added

  • HTTP and REST API intent classification — visible HTTP API calls now
    classify by service intent: GET/HEAD/OPTIONS use context-resolved
    service_read, POST/PUT/PATCH use service_write, DELETE and destructive
    paths use service_destructive, and remote service actions still participate
    in network data-flow blocks such as curl ... | bash. (nah-910)
  • GraphQL operation intent classification — visible GraphQL operations now
    classify by action intent instead of HTTP method alone: queries and
    subscriptions use context-resolved service_read, mutations use
    service_write, destructive mutation names/root fields use
    service_destructive, and hidden or ambiguous documents stay on ask paths.
    (nah-911)
  • JSON-RPC and MCP method intent classification — visible JSON-RPC request
    bodies now classify by method intent before REST fallback: read-like methods
    use context-resolved service_read, write-like methods use service_write,
    destructive methods use service_destructive, and generic MCP tool
    invocation stays on an ask path unless a separate trusted tool classifier
    handles it. (nah-912)
  • gRPC CLI method intent classification — visible grpcurl calls now
    classify by method intent: read-like methods and reflection verbs use
    context-resolved service_read, write-like methods use service_write,
    destructive methods use service_destructive, and missing or unknown
    methods stay on ask paths. (nah-913)
  • WebSocket and Socket.IO event intent classification — visible wscat
    and websocat commands now distinguish connection-only traffic from sends,
    classify visible event names into service_read, service_write, or
    service_destructive, parse simple visible Socket.IO 42[...] event
    packets, and keep opaque sends on ask paths. (nah-914)
  • SQLite read-only CLI classification — explicit read-only sqlite3
    inspection commands now classify as db_read for simple SELECT, safe
    EXPLAIN, safe PRAGMA introspection, and safe dot commands; bare SQLite,
    script-fed SQL, mutating SQL, unsafe helpers, and ambiguous forms stay
    db_write. (nah-916)
  • Postgres read-only CLI classification — explicit one-shot psql
    inspection commands now classify as db_read when they set same-invocation
    PGOPTIONS to default_transaction_read_only, disable psql startup files,
    and use a narrow read-only SQL allowlist; bare, script-fed, mutating, or
    ambiguous Postgres commands stay on existing db_write ask paths. (nah-bqe)

Fixed

  • Package script argument boundary classification — npm run <script> --,
    pnpm run <script> --, bun run <script> --, and explicit package exec
    payloads no longer treat child arguments such as -g, --global, or
    --target as package-manager global install flags; malformed or
    package-owned global flags still ask. (nah-917)
  • Curl host extraction skips body and option values — curl/wget-style host
    detection now ignores option values such as JSON bodies, config files, cert
    paths, and headers before selecting the actual request URL. (nah-909)
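
The curl host-extraction fix above, illustrated with an added example that is not nah's own code: a naive scan takes the first URL-looking string, which may sit in a header or JSON body, while an option-aware pass skips option values before picking the request URL. The function names, the `VALUE_OPTS` subset of curl options, and the sample commands are assumptions constructed for this sketch.

```python
import re
import shlex
from urllib.parse import urlsplit

# Real curl options that consume the next argument (assumed subset, not nah's list).
VALUE_OPTS = {
    "-d", "--data", "--data-raw", "--data-binary", "-H", "--header",
    "-K", "--config", "--cacert", "-E", "--cert", "--key",
    "-o", "--output", "-X", "--request", "-u", "--user",
}
URL_RE = re.compile(r"https?://([^/\s\"'}]+)")


def naive_host(command):
    """Flawed: first URL-looking substring anywhere, including bodies and headers."""
    match = URL_RE.search(command)
    return match.group(1) if match else None


def request_hosts(command):
    """Hosts of the URLs curl would actually request, skipping option values."""
    args = shlex.split(command)[1:]  # drop the program name
    hosts, i = [], 0
    while i < len(args):
        tok = args[i]
        if tok == "--url" and i + 1 < len(args):
            target, i = args[i + 1], i + 2
        elif tok in VALUE_OPTS:
            i += 2  # skip the option and its value (body, header, file path)
            continue
        elif tok.startswith("-"):
            i += 1  # boolean flag, or a short option with its value attached
            continue
        else:
            target, i = tok, i + 1
        # curl assumes http:// when the scheme is omitted
        url = target if "://" in target else "http://" + target
        host = urlsplit(url).hostname
        if host:
            hosts.append(host)
    return hosts


# Constructed sample commands (hosts are placeholders)
CMD_BODY_FIRST = (
    "curl -H 'Referer: https://docs.example.org/' "
    "-d '{\"callback\":\"https://hooks.example.net/x\"}' "
    "--cacert /etc/ssl/ca.pem https://api.example.com/v1/items"
)
CMD_ATTACHED = "curl -d'{\"next\":\"http://other.example/n\"}' -X POST api.example.com/submit"
```

A file passed with `-K`/`--config` can itself supply a URL, so a guard that skips that value should treat the command's target as not fully visible rather than as resolved.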
