v0.5.0

Added

GitHub Actions

• GitHub Actions integration (action.yml) — run Weasel in CI/CD pipelines with uses: slvDev/weasel@main
• SARIF output format (--format sarif) for GitHub Code Scanning integration
• Nightly release workflow — automatic builds from main on source changes
• weaselup --nightly flag to install latest nightly build
• Example workflows in gh-actions-examples/:
  • weasel-basic.yml — basic analysis with SARIF upload
  • weasel-claude.yml / weasel-claude-diff.yml — Claude-powered review
  • weasel-openai.yml / weasel-openai-diff.yml — OpenAI Codex-powered review
  • weasel-gemini.yml / weasel-gemini-diff.yml — Gemini-powered review
• SHA256 checksums and build attestation for release binaries

Detector Configuration

• exclude_detectors option in weasel.toml and CLI (-x / --exclude-detectors) to skip specific detectors by ID
• exclude_detectors parameter for MCP weasel_analyze tool
• Protocol feature flags in weasel.toml [protocol] section to disable detector groups:
  • uses_fot_tokens — fee-on-transfer token detectors
  • uses_weird_erc20 — non-standard ERC20 detectors
  • uses_native_token — native ETH handling detectors
  • uses_l2 — L2-specific detectors (Arbitrum, Optimism)
  • uses_nft — NFT-related detectors

MCP & IDE Support

• OpenAI Codex CLI support for weasel mcp add/remove (--target codex)
• Gemini CLI support for weasel mcp add/remove (--target gemini)

Changed

• Release workflow uses pinned action SHAs and Cargo caching for faster builds

Nightly 20260127

Nightly Build

This is an automated nightly build from the main branch.

Commit: 092cad9
Date: nightly-20260127-092cad9

⚠️ This is a pre-release build and may be unstable.

Verification

# Verify checksums
sha256sum -c checksums.txt

# Verify attestation (requires gh CLI)
gh attestation verify weasel-<target>.tar.gz --owner slvDev

Installation

# Using weaselup (will install latest stable)
curl -sSL https://raw.githubusercontent.com/slvDev/weasel/main/weaselup/install | bash

# Or download this nightly directly
# macOS (Apple Silicon)
curl -sSL https://github.com/slvDev/weasel/releases/download/nightly-20260127-092cad9/weasel-aarch64-apple-darwin.tar.gz | tar xz

# macOS (Intel)
curl -sSL https://github.com/slvDev/weasel/releases/download/nightly-20260127-092cad9/weasel-x86_64-apple-darwin.tar.gz | tar xz

# Linux (x86_64)
curl -sSL https://github.com/slvDev/weasel/releases/download/nightly-20260127-092cad9/weasel-x86_64-unknown-linux-gnu.tar.gz | tar xz

Nightly 20260126

Nightly Build

This is an automated nightly build from the main branch.

Commit: 98d65ed
Date: nightly-20260126-98d65ed

⚠️ This is a pre-release build and may be unstable.

Verification

# Verify checksums
sha256sum -c checksums.txt

# Verify attestation (requires gh CLI)
gh attestation verify weasel-<target>.tar.gz --owner slvDev

Installation

# Using weaselup (will install latest stable)
curl -sSL https://raw.githubusercontent.com/slvDev/weasel/main/weaselup/install | bash

# Or download this nightly directly
# macOS (Apple Silicon)
curl -sSL https://github.com/slvDev/weasel/releases/download/nightly-20260126-98d65ed/weasel-aarch64-apple-darwin.tar.gz | tar xz

# macOS (Intel)
curl -sSL https://github.com/slvDev/weasel/releases/download/nightly-20260126-98d65ed/weasel-x86_64-apple-darwin.tar.gz | tar xz

# Linux (x86_64)
curl -sSL https://github.com/slvDev/weasel/releases/download/nightly-20260126-98d65ed/weasel-x86_64-unknown-linux-gnu.tar.gz | tar xz

Nightly 20260123

Nightly Build

This is an automated nightly build from the main branch.

Commit: bbb7f91
Date: nightly-20260123-bbb7f91

⚠️ This is a pre-release build and may be unstable.

Verification

# Verify checksums
sha256sum -c checksums.txt

# Verify attestation (requires gh CLI)
gh attestation verify weasel-<target>.tar.gz --owner slvDev

Installation

# Using weaselup (will install latest stable)
curl -sSL https://raw.githubusercontent.com/slvDev/weasel/main/weaselup/install | bash

# Or download this nightly directly
# macOS (Apple Silicon)
curl -sSL https://github.com/slvDev/weasel/releases/download/nightly-20260123-bbb7f91/weasel-aarch64-apple-darwin.tar.gz | tar xz

# macOS (Intel)
curl -sSL https://github.com/slvDev/weasel/releases/download/nightly-20260123-bbb7f91/weasel-x86_64-apple-darwin.tar.gz | tar xz

# Linux (x86_64)
curl -sSL https://github.com/slvDev/weasel/releases/download/nightly-20260123-bbb7f91/weasel-x86_64-unknown-linux-gnu.tar.gz | tar xz

Nightly 20260121

Nightly Build

This is an automated nightly build from the main branch.

Commit: b512c6b
Date: nightly-20260121-b512c6b

⚠️ This is a pre-release build and may be unstable.

Verification

# Verify checksums
sha256sum -c checksums.txt

# Verify attestation (requires gh CLI)
gh attestation verify weasel-<target>.tar.gz --owner slvDev

Installation

# Using weaselup (will install latest stable)
curl -sSL https://raw.githubusercontent.com/slvDev/weasel/main/weaselup/install | bash

# Or download this nightly directly
# macOS (Apple Silicon)
curl -sSL https://github.com/slvDev/weasel/releases/download/nightly-20260121-b512c6b/weasel-aarch64-apple-darwin.tar.gz | tar xz

# macOS (Intel)
curl -sSL https://github.com/slvDev/weasel/releases/download/nightly-20260121-b512c6b/weasel-x86_64-apple-darwin.tar.gz | tar xz

# Linux (x86_64)
curl -sSL https://github.com/slvDev/weasel/releases/download/nightly-20260121-b512c6b/weasel-x86_64-unknown-linux-gnu.tar.gz | tar xz

v0.4.6

Added

New Detectors

Low

• constant-decimals - prefer constants for decimals

NC (Non-Critical)

• abstract-in-separate-file - abstract contracts should be in separate files
• array-ranged-getter - use ranged getter for array access
• bool-init-false - unnecessary boolean initialization to false
• nc-combine-mappings - mappings with same key can be combined into struct
• complex-require - complex require statements should be simplified
• constant-expression - expressions that could be constants
• constructor-emit-event - constructors should emit events
• delete-instead-of-false - use delete instead of setting to false
• delete-instead-of-zero - use delete instead of setting to zero
• duplicate-string-literal - duplicate string literals in code
• empty-blocks - empty code blocks
• error-definition-no-args - error definitions without arguments
• external-call-in-modifier - external calls in modifiers
• floating-pragma - floating pragma version
• initialism-capitalization - incorrect capitalization of initialisms (URL, ID)
• initializer-emit-event - initializers should emit events
• interfaces-contracts-same-file - interfaces and contracts in same file
• library-in-separate-file - libraries should be in separate files
• many-function-params - functions with too many parameters
• many-return-values - functions with too many return values
• mixed-int-uint-style - mixed int/uint and int256/uint256 style
• multiple-abstract-contracts - multiple abstract contracts in one file
• multiple-contracts - multiple contracts in one file
• multiple-interfaces - multiple interfaces in one file
• multiple-libraries - multiple libraries in one file
• named-function-args - use named function arguments for clarity
• named-returns - use named returns for clarity
• prefer-custom-errors - use custom errors instead of require/assert
• unnamed-revert - revert without custom error identifier
• unused-private-function - unused private functions
• zero-argument - literal zero as function argument

v0.4.5

Changed

Skill Improvements

weasel-gas - Chain-aware gas optimization

• Auto-detect target chain from config (foundry, hardhat, truffle)
• L2 rules: prioritize calldata reduction, skip storage micro-opts
• Cheap L1 rules (Polygon, BSC): only report >1000 gas savings
• Reject non-EVM chains (Solana, Tron, etc.)

weasel-simplify - Dual-mode operation

• Developer Mode: edit files, run tests, commit
• Auditor Mode: create simplified view without modifying code
• Auto-detect based on context

weasel-poc - Clean output

• Assertions prove the bug, not console.log
• No banners, celebration messages, or decorative output
• Pre-commit checklist

weasel-report - File-first output

• Always write to findings/H-01-description.md
• Link to PoC files instead of pasting code

weasel-analyzer, weasel-validate, weasel-filter, weasel-overview - Context-first

• Check README and known-issues.md before analysis
• Prevents reporting known issues or design decisions as bugs
• New verdicts: KNOWN ISSUE, BY DESIGN

weasel-explainer - Better guidance

• "When NOT to Use" redirects to appropriate skills

Added

New Detectors

• long-calculations - flag complex math that may overflow
• unchecked-low-level-call - missing success check on call/delegatecall
• upgradable-token-interface - detect upgradable token patterns
• unsafe-low-level-call - risky low-level call usage
• large-approval - type(uint256).max approvals
• assembly-abi-decode - manual ABI decoding in assembly
• variable-inside-loop - storage/memory allocation in loops
• countdown-loop - gas-inefficient loop direction
• combine-mappings - mappings that could be structs
• cached-msg-sender - unnecessary msg.sender caching
• cached-immutable - redundant immutable caching
• cached-constant - redundant constant caching
• assembly-storage-write - direct sstore in assembly
• address-this-precalculation - address(this) computed repeatedly

Full Changelog: v0.4.0...v0.4.5

v0.4.0

Full Changelog: v0.3.1...v0.4.0

v0.3.1

Full Changelog: v0.3.0...v0.3.1

v0.3.0

Full Changelog: v0.2.1...v0.3.0