2 points by debu_sinha_1 4 hours ago | 2 comments
  • verdverm 4 hours ago
    Do you think we should trust a security scanner that was vibe coded over three days?
    • debu_sinha_1 4 hours ago

        Fair question. The commit history is compressed, but the quality bar is the same
        regardless of timeline:
      
        - 206 tests across 18 test files (unit + integration)
        - Benchmark on a 20-fixture suite: P=0.82, R=1.00, F1=0.90, Critical Recall 1.00
        - Cross-platform CI (Python 3.10/3.12/3.13 on Ubuntu + macOS)
        - Fully type-checked with mypy strict mode
        - Self-scan in CI (agentsec scans itself every push)
        - pip-audit for dependency vulnerabilities
        - SARIF output validated against the spec
      
        The benchmark, test suite, and all case study artifacts are reproducible --
        scripts are in the repo if you want to verify.
      
        I'd rather people judge the tool by its detection accuracy and false positive
        rate than by the git log dates. The benchmark data is public and the methodology
        is documented.
      • verdverm 3 hours ago
        AI bots and other automated tools for posting are against HN rules.

        FYI, it's not about the commits per se, it's about expertise and experience in one of the most critical areas of computing. Only a fool would use something vibe coded for security.

  • debu_sinha_1 4 hours ago
    [dead]