Release v1.15.0

This release focuses on advanced security diagnostics, introducing native detection for the CVE-2026-31431 (Copy Fail) vulnerability and expanding our Model Context Protocol (MCP) capabilities for security auditing.

🚨 Security Highlights: Copy Fail Detection

We have implemented a specialized diagnostic tool for CVE-2026-31431 (Copy Fail). Unlike standard version-based checks, our agent performs a live, behavioral test to verify if the running kernel is truly vulnerable, ensuring accuracy even on backported or custom kernels.

• Non-destructive Testing: Uses a two-phase diagnostic approach that safely verifies page cache corruption potential without modifying system files.
• txlog copyfail command: A new CLI tool for on-demand local verification.
• Automatic Reporting: The vulnerability status is now automatically included in txlog build executions and reported to the Txlog Server.

✨ Model Context Protocol (MCP) Enhancements

The Txlog Agent's MCP server has been upgraded to provide better security insights for AI assistants:

• get_vulnerable_assets: New tool to instantly list all servers in the fleet affected by critical vulnerabilities.
• get_transaction_vulnerabilities: New tool to query the OSV database for CVEs fixed or introduced in a specific transaction.
• Vulnerability Filtering: Added a vulnerable:true filter to the list_assets tool.

📦 Dependencies

• Bump github.com/mark3labs/mcp-go from 0.49.0 to 0.50.0.
• Bump github.com/Masterminds/semver/v3 from 3.4.0 to 3.5.0.

📖 Documentation

Updated our documentation site with new guides following the Diátaxis framework:

• How-to: Detecting Copy Fail Vulnerability
• Explanation: Copy Fail Detection Logic
• Reference: Updated CLI and MCP tools documentation.

Full Changelog: v1.14.0...v1.15.0