Changelog
All notable changes to BrandKit are documented here.
[v0.4.0] - 2026-02-26
Highlights
- SVG security scanning to detect XSS and session hijacking threats
- SVG sanitization to remove malicious elements while preserving valid content
- Security scanning integrated into processing pipelines with CI support
Added
- Public
svg/securitypackage for programmatic security scanning with 7ThreatTypevalues:ThreatScript,ThreatEventHandler,ThreatExternalRef,ThreatAnimation,ThreatStyleBlock,ThreatLink,ThreatXMLEntity - Security scanning functions:
security.SVG(),security.SVGWithLevel(),security.Directory(),security.DirectoryRecursive(),security.ScanContent(),security.ScanContentWithLevel() - Scan levels:
ScanLevelStrict(all threats) andScanLevelStandard(critical/high only) - Sanitization functions:
security.Sanitize(),security.SanitizeContent()with configurableSanitizeOptions - Team report generation:
security.GenerateReport()outputs multi-agent-spec team-report JSON format - CLI command
brandkit security-scanwith--report,--strict,--project,--versionflags - CLI command
brandkit security-scan-allfor recursive security scanning with JSON report output - CLI command
brandkit sanitizefor removing threats from SVG files with selective removal options - Makefile targets
security-scan-allandsanitize-allfor batch operations
Changed
- CLI commands
brandkit whiteandbrandkit colornow perform security scanning by default - Added
--insecureflag towhiteandcolorcommands to warn instead of fail on threats - Library functions
ProcessWhite()andProcessColor()now include security scanning in pipeline ProcessResultstruct extended withSecurityScannedandSecurityThreatsfields
Security
- Detects script elements (
<script>) and self-closing script tags (critical) - Detects dangerous URI schemes:
javascript:,vbscript:,data:text/html(critical) - Detects event handler attributes (
onclick,onload,onerror,onmouseover, etc.) (critical) - Detects external references:
href="http://...",xlink:href,foreignObject,url()in styles, external<use>refs (high) - Detects XML entities:
<!DOCTYPE>,<!ENTITY>declarations for XXE prevention (high) - Detects animation elements:
<animate>,<animateTransform>,<animateMotion>,<set>(medium) - Detects
<style>blocks that may contain malicious CSS (low) - Detects
<a>anchor/link elements unnecessary for static images (medium)
Infrastructure
- GitHub Actions workflow
verify.yamlupdated to include security scanning step
Tests
- 24 unit tests for security scanning covering all 7 threat types and scan levels
- Tests verify sanitized output remains valid SVG and passes security scan
- Tests cover ScanLevelStrict vs ScanLevelStandard behavior differences
[v0.3.0] - 2026-02-14
Highlights
- Interactive coordinate picker tool for creating precise SVG polygons from images
- TypeScript library with 100% test coverage for coordinate picker functionality
- Saviynt brand icons with mathematically precise geometry
Added
- Saviynt brand icons (
icon_orig.svg,icon_white.svg,icon_color.svg) with precise parallelogram geometry - Interactive coordinate picker tool (
docs/coordinate-picker.html) for SVG polygon creation via GitHub Pages - TypeScript library (
tools/src/coordinate-picker.ts) with state management, SVG generation, and serialization - Multi-shape support with color-coded markers and pin sharing across shapes
- Zoom controls (50%-400%) for precise coordinate selection
- GitHub Actions workflow (
test-tools.yaml) for TypeScript tests on Node.js 20.x/22.x across platforms
Tests
- 63 unit tests for coordinate picker with 100% coverage on statements, branches, functions, and lines
Infrastructure
- Move coordinate picker to
docs/for GitHub Pages static hosting
[v0.2.0] - 2026-01-25
Highlights
- Go library APIs for programmatic icon retrieval and processing
- New CLI commands
brandkit colorandbrandkit verify-all - 17 new brand icons and 42 new
icon_color.svgfiles (total: 52 brands)
Added
- Go library API for embedded icon retrieval:
GetIcon,GetIconWhite,GetIconColor,GetIconOrig,ListIcons,IconExists,NormalizeIconName - Go library API for icon processing:
ProcessWhite,ProcessColorfor programmatic SVG processing - Go library API for recursive verification:
svg.ListSVGFilesRecursive,verify.DirectoryRecursive - CLI command
brandkit colorfor creating centered color icons preserving original colors - CLI command
brandkit verify-allfor recursive pure vector verification (CI-friendly) - 17 new brand icons: bolt, bootstrap, dart, flutter, go, javascript, kotlin, lovable, openapi, postgresql, postman, python, react, replit, spring, v0, windsurf (total: 52 brands)
- 42 new
icon_color.svgfiles for all brands with transparent backgrounds - GitHub Actions workflow
verify.yamlfor automated icon validation on PR/push
Changed
- Renamed
gcpbrand directory togoogle-gcpfor clarity and consistency - Refactored
brandkit whiteCLI to useProcessWhitelibrary function
[v0.1.0] - 2026-01-24
Highlights
- CLI toolkit for one-command SVG icon processing workflows
- Go library packages for SVG analysis, conversion, and verification
- Brand asset library with 36 brand icon directories
Added
- CLI command
brandkit whitefor one-step white icon generation with background removal, color conversion, centering, and verification - CLI command
brandkit convertfor SVG color conversion with support for hex, shorthand, and named colors - CLI command
brandkit processfor full SVG processing pipeline (convert, center, verify) - CLI command
brandkit analyzefor SVG geometry analysis (centering, padding, viewBox optimization) - CLI command
brandkit verifyfor pure vector validation (detects embedded base64, data URIs, binary references) - Public
svgpackage withBoundingBox,ViewBox,ParsePath,CalculatePathBounds, and file utilities - Public
svg/convertpackage for programmatic SVG color conversion with background removal and mask preservation - Public
svg/analyzepackage for programmatic SVG geometry analysis - Public
svg/verifypackage for programmatic pure vector validation - Brand asset library with 36 brand icon directories and standardized SVG variants