Stability & versioning.
Rugproof follows Semantic Versioning. As of v1.0.0, the following surfaces are stable within the 1.x line.
Stable surfaces (no breaking changes in 1.x)
| Surface | Guarantee |
|---|---|
| Findings JSON schema | schemas/finding.schema.json is frozen. New optional fields may be added; required fields and their meaning won't change. |
| Command names | Existing /commands keep their names and core behavior. New commands are additive. |
| MCP tool signatures | Tool names and required inputs are stable. New tools / optional inputs are additive. |
| Config keys | .rugproof.yml keys are stable; new keys default to current behavior. |
| Offline behavior | Every server keeps its labeled-stub fallback; zero-config installs keep working. |
What can change in a minor (1.x)
- New commands, agents, skills, MCP servers/tools, and rule packs.
- Improved detection (more/better findings) — recall and precision may rise.
- New optional config keys and output fields.
- Deeper integrations behind existing tools (e.g. more chains).
What only changes in a major (2.0)
- Removing or renaming a command, MCP tool, or required finding field.
- Changing the meaning of an existing severity or grade.
- Dropping a supported language or chain.
Deprecation policy
Anything slated for removal is marked deprecated for at least one minor release, with a migration note in the changelog, before a major removes it.