Kestrel-lang

==================

Added
-----

- Kestrel doc for v1.5 syntax, mostly the language specification chapter

- New section on the Kestrel patterning: Extended Centered Graph Pattern (ECGP)
- New section on entity, attribute, and related mechanisms
- Commands section updated with v1.5 syntax
- Interface section rewritten with much more details
- Concepts/terminology section updated

Changed
-------

- ``ASSIGN`` and ``MERGE`` commands now require a return variable

==================

Added
-----

- Faster dependency installation for all github workflows using Python wheels
- Python 3.11 in unit test (github workflow)

Fixed
-----

- STIX-shifter module verification failure due to pypi website update
- codecov rate limit for public repo

==================

Added
-----

- Multiple test cases for escaped string parsed with main/ECGP parsers

Fixed
-----

- Escaped string in value for both ECGP and argument
- Token prefix not handled in

Changed
-------

- Use firepit time function for timestamp parsing
- Update Lark rule ``transform`` to ``vtrans`` to avoid Lark special function misfire

Removed
-------

- Explicit dependency ``python-dateutil``

==================

Added
-----

- Relative path support for environment variable starting with ``KESTREL`` 248
- Relative path support for path in ``LOAD``/``SAVE``
- Relative path support for local uri, i.e., ``file://xxx`` or ``file://./xxx`` in ``GET``
- Unit test on relative path in environment variable
- Unit test on relative path in LOAD
- Unit test on relative path in data source in GET

==================

Added
-----

- Type checking in kestrel.semantics.reference
- New exception ``MissingDataSource``
- Unit test on variable reference in GET
- Unit test on last data source reuse

Fixed
-----

- Missing data source if not specified 257
- SymbolTable type error in code generation

Removed
-------

- Obsoleted exception ``UnsupportedStixSyntax``

==================

Added
-----
- Introduce ExtendedCenteredGraphPattern (ECGP) for WHERE clause

- Support optional SCO/entity type for centered graph (STIX compatible)
- Support optional square brackets (STIX compatible)
- Support Single or double quotes (STIX compatible)
- Support nested list as value (STIX compatible)
- Support Kestrel variable as reference
- Support escaped characters in quoted value
- Support ECGP to string/STIX/firepit transformation
- Support ECGP pruning (centered or extended components)
- Support ECGP merge/extend with another ECGP
- Parse into STIX (now ECGP) 14
- Normalize WHERE clause between GET and expression
- Add WHERE clause to command FIND

- Upgrade arguments (in APPLY command)

- Support quoted string in arguments 170
- dereferring variables in arguments

- Upgrade path (in GET/APPLY/LOAD/SAVE command)

- Support escaped characters in quoted datasrc/analytics/path

- Upgrade JSON parser for command NEW

- Upgrade operators in syntax to be case insensitive

- Upgrade timespan

- absolute timespan without ``t`` and quotes
- relative timespan for FIND

- Upgrade prefetch with WHERE clause to eliminate unnecessary query

- Multiple test cases for new syntax and features

- Add macOS (arm64) install requirement to documentation

Changed
-------
- Limit STIXPATH to ATTRIBUTE

- command: SORT, GROUP, JOIN
- expression clause: sort, attr

- Use explicit list like ``(1,2,3)`` or ``[1,2,3]`` for multi-value argument

- Formalize *semantics processor* in parser-semantics-codegen procedure

- variable dereferencing in semantics processor
- variable timerange extraction in semantics processor