
Changelog: June 23, 2026 #29

Open: maekuss wants to merge 7 commits into main from changelog/fbbbf5cf

maekuss (Contributor) commented Jun 23, 2026

  • Date: June 23, 2026
  • Commit: fbbbf5cf

This PR consolidates two changelog windows into one entry stack:

  • June 23, 2026 — reorganized to lead with the Context page, Applications, and threat models; the threat-model changes are a single entry covering the main points.
  • June 18, 2026 — folded in from PR Changelog: June 18, 2026 #25 (now closed) as one section, with items it shared with June 23 deduped.

Documentation TODOs

These shipped features still need docs. The changelog links only to pages that already exist — add or update these, then link them:

  • Context page: Document the Context page, its Repositories and Applications tabs, the threat-model status badges, and recency sorting.
  • Applications: Document grouping repositories into an application, the synthesized application-level threat model, scanning an application as a target, and folding in application context documents.
  • Threat models: Document the reading-view layout (file tree + outline) and inline editing with user-edit markers preserved across regenerations.
  • Redacted findings on public PRs: Document how finding details are redacted in PR review comments for public repositories, what users see (count + link), and that private/internal repos and inline diff comments are unaffected.
  • Org-level fail-on severity default: Document the org settings page option for setting a default fail-on severity threshold, how it interacts with per-repo config, and where to find it.
  • Enterprise SSO sign-in: Document the SSO login flow, how to configure a SAML/OIDC identity provider connection, and the invite-token round-trip behavior.
  • Duplicate findings: Document marking a finding as a duplicate in the UI, via the API, and via the `duplicate_of` field on the `update_finding` MCP tool, plus how duplicates affect severity gating and how to unmark.

From the June 18 section

  • PR and MR checks update on triage: Document how triaging a finding re-evaluates the fail-on gate and flips the GitHub check / GitLab commit status without a re-run.
  • Scan volume chart: Document the stacked bar chart on the dashboard and its per-day Code Review / Whitebox breakdown tooltip.
  • Upload scans named after the archive: Document that an uploaded-archive Whitebox scan takes the archive's filename as its name.
  • Legal agreement before trial or billing: Document when the legal agreement prompt appears and what it covers.

mintlify Bot commented Jun 23, 2026

Preview deployment for your docs. Learn more about Mintlify Previews.

| Project | Status | Preview | Updated (UTC) |
| --- | --- | --- | --- |
| hacktronai | 🟢 Ready | View Preview | Jun 23, 2026, 5:36 AM |

💡 Tip: Enable Workflows to automatically generate PRs for you.

chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 22c92df61b

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread changelog.mdx Outdated
Comment on lines +20 to +22
**Mark a finding as a duplicate**: You can now mark a finding as a duplicate of another finding in the same repository. Duplicate findings are judged by the canonical finding's severity when evaluating your fail-on threshold, and the API key endpoint supports the same action.

**Duplicate marking in the MCP tool**: The `update_finding` MCP tool now accepts a `duplicate_of` field so you can mark or unmark duplicates programmatically.
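
Review bot: In the "Mark a finding as a duplicate" entry, "the API key endpoint supports the same action" does not name the endpoint or the request field, so a reader cannot tell from the changelog how to perform the action; name the endpoint or link its reference page. In the `update_finding` entry, "mark or unmark" leaves open which value of `duplicate_of` clears a duplicate link; state it in the entry or link to where it is documented.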


P2: Document `duplicate_of` in the API/MCP references

This entry announces duplicate marking through the API key endpoint and the `update_finding` MCP tool, but the referenced docs still describe `PATCH /findings/{id}` as requiring only `state` or `severity` and list no `duplicate_of` field, while the MCP tool table still says `update_finding` only updates state or severity; `rg duplicate_of` finds no documentation outside this changelog. Users following the new API/MCP announcement cannot discover the request shape and may conclude the new field is unsupported.


Add the June 18, 2026 entry (from PR #25, being closed) as a single
section and remove items from the June 23 entry that it already covers:
triage check updates, duplicate marking, scan volume chart, and the
legal-agreement-before-trial note.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

…eat models

Lead the June 23 changelog with the new Context page (Repositories +
Applications tabs), announce Applications and application-level threat
models, and add the threat-model update note on PRs. Group the
context/threat-model items together and keep the remaining changes
(redacted findings, org fail-on default, SSO, MCP duplicates, PR link,
taint trace) after.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Merge the five threat-model bullets (reading view, editable, sync
status, generate/sync label, PR update note) into a single "Threat
models" entry covering the main changes.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Drop "A new" from the Context page item label and tighten the
consolidated threat-models description.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

…entries

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>