Skip to main content

Release Notes

The azuma nori Standalone Client keeps itself up to date: it checks for updates automatically, offers a one-click Restart & update, and shows a What's New window the first time you open a new version (you can reopen it anytime from the sidebar). See Installation.

The current release is 1.10.0.

1.10.0 (current)

  • Use OpenAI models through the Codex CLI — Add an OpenAI model with the connection type set to "CLI" to run wiki and analysis through your local, already-signed-in OpenAI Codex CLI — no API key needed, just like the Claude and Gemini CLI options. Testing the connection now works instead of failing with an "empty key" error, and a direct OpenAI model that's missing its API key now shows a clear message telling you to add a key or switch to the CLI. See LLM Models & Usage.
  • Free plan — Sign in with any azuma account, even without a nori license. Free workspaces can run three essential code-analyzable BSI TR-03161 controls (hard-coded secrets, strong password policies, and secure generation of session/user identifiers); the remaining controls stay visible but locked until you upgrade. See Freemium.
  • Create an account from the login screen — New users no longer need a pre-existing azuma doa login. A "Create one" link on the sign-in screen opens a registration form that creates your account together with your own azuma workspace. Verify your email with the code we send you and sign in right away.
  • Analysis-Only projects — Create a project that runs compliance analysis directly against your code without building source-code wikis first. Pick "Analysis-Only" when creating a project for a leaner workflow: the source-code wiki tab, indexing, and related settings are hidden, while evidence documents ("Wiki (Files)") still work as usual. Each project's type is now shown at a glance — on the project cards, the project header, and its settings — so you can tell Discovery + Analysis and Analysis-Only projects apart. The project type is chosen at creation and can't be changed later.
  • See which code version each control was checked against — Analysis results now record the git commit (and branch) of the exact repository state each control was evaluated against, shown on the control result and cited in regulatory reports, so every result can be traced back to the source it came from.
  • Mark a finding as "Not Applicable" — When reviewing analysis results you can now suppress a finding as Not Applicable, alongside the existing False Positive, Accepted Risk, and Mitigated overrides; suppressed findings no longer count toward failures or warnings.
  • Use a self-hosted or local AI model — Run wiki and analysis against a model hosted on your own machine or network over an OpenAI-compatible endpoint (Ollama, llama.cpp, LM Studio, vLLM, and similar). Pick "Local / OpenAI-compatible" when adding a model, point it at your endpoint, and your code and findings never leave your network — no cloud API key required. See LLM Models & Usage.
  • New BSI TR-02102 cryptography policies — Evaluate your project against the German BSI Technical Guideline TR-02102-1 (cryptographic mechanisms) and TR-02102-2 (TLS), now available as ready-to-use policies.
  • Custom CLI model path now applies to every run — A custom CLI executable path or working directory configured on a model is now used for analysis, wiki, and document-indexing runs too, not just the connection test — so a custom install that tested fine no longer fails mid-run.
  • Nori's own data folder is left out of analysis — When your Nori data folder sits inside the scanned project, it's no longer treated as source code, so analysis and wiki results stay focused on your actual codebase.
  • Fewer false alarms in the hard-coded-secrets check — The BSI TR-03161 "no hard-coded keys or other secrets" control now judges each flagged secret by whether it can actually reach production, so secrets that exist only in development-only configuration or in test and example code are treated as expected and no longer reported, while anything that ships to production is still flagged.

1.9.0

New experimental Documents feature.

  • Turn your evidence documents into AI-readable summaries — Index uploaded or referenced evidence files (PDFs, images, Word/Excel/PowerPoint, and text) into concise per-document summaries so their content is actually understood during control analysis. PDFs, scanned pages, and diagrams are captured visually when you index with a Claude CLI model. See External Evidence.
  • New "Wiki (Files)" tab — Browse the generated summary for every indexed document, see which controls each one is linked to, and open the full write-up — just like the existing source-code Wiki.
  • Run New Docs Indexing — A new button lets you choose exactly which evidence files to (re)index and which AI model to use; files that are missing or have changed are pre-selected.
  • Automatic control linkage you can override — Each document is automatically suggested as "General" or linked to specific controls, shown in Wiki (Files). You can override this per file in the Evidence tab, where referenced folders now expand into individually mappable, individually indexable files.
  • Analysis uses the curated summary, not the raw file — During control analysis the evaluator is given each document's summary (general documents contribute a one-line synopsis, control-specific ones their full summary), keeping evidence focused and costs predictable. Documents that still need indexing are clearly flagged.
  • Indexing File History — Track your document-indexing runs — status, timing, and document count — alongside the existing analysis and wiki indexing history.

1.8.1

  • Clearer errors when a run fails — When an analysis or wiki run fails, both the result and the live execution log now show the actual cause (for example an authentication problem, an unknown model, a missing CLI, or an API error) instead of a blank "exit 1" or a generic "Operation failed after retries" message — so failures are far easier to understand and fix.
  • Large Gemini (Direct API) requests no longer time out prematurely — Gemini models connected via Direct Cloud API now allow up to 10 minutes per request instead of a fixed 100-second limit, so longer wiki and analysis generations on big codebases complete instead of failing with a timeout.
  • Less noise in the execution log — Running against a project that isn't a git repository no longer spams the log with raw "fatal: not a git repository" lines.

1.8.0

  • Failed wiki runs now show as failed — When a wiki indexing topic can't be generated, the run is correctly marked Failed and shows the underlying error, instead of silently appearing Completed.
  • Gemini via API key or CLI — Gemini models now work both through your local Gemini CLI login and directly with a Gemini API key. Choose "Direct Cloud API" on the model and the API key you enter actually connects, with token usage tracked the same way as your other models. The direct connection now uses Google's native Gemini API, so the latest Gemini 3 thinking models work reliably during wiki and analysis runs.
  • Separate AI models for wiki and analysis — In the project's AI settings you can now pick a dedicated model for wiki generation and another for control analysis. Use a cheaper model for the mechanical wiki indexing while analysis keeps your strongest model — same quality at a fraction of the cost.
  • Concise wiki output — A new option generates shorter, fact-dense wiki pages. Wiki content feeds into every control evaluation, so brevity lowers analysis cost — especially when paired with a cheaper wiki model.
  • Pick an AI model per run — When starting an analysis or wiki indexing run, you can now choose a different AI model just for that run. Your project's default model stays unchanged.
  • See which model produced a result — Control results and wiki pages now show the AI model that generated them, alongside the existing run-level details.

1.7.0

  • See what's new after updates — A "What's New" window now appears automatically the first time you open a new version, and you can reopen it any time from the sidebar item to catch up on recent changes.
  • General documentation for analysis — Point a project at external files or folders on disk and mark them "applies to all controls" so they're always considered during analysis, without mapping each document to individual controls.
  • Reduced token usage — Optimizations to reduce token usage.
  • More accurate run cost & token reporting — Analysis runs now report exact token usage and cost, giving you a clearer picture of what each run consumes (Claude CLI only).

1.6.0

  • Hide projects — Hide projects you don't actively work on to keep your project list focused. Hidden projects stay on your device and can be shown again at any time.

1.0.0 – 1.5.0

  • Welcome to azuma nori.