The rate limit for authenticated GitHub Actions/Bot tokens (Tier C) in Takumi Guard has been raised approximately 6x, from ~10,000 req/min to ~60,000 req/min per token. This applies to both npm and PyPI registries.
Takumi Guard now delivers your API key directly in the setup email — no verification link to click. Setup is simpler, and enterprise email security tools no longer interfere with key delivery.
Credit limits are now required for all Takumi assessments, including both blackbox and whitebox assessments.
This ensures you can control credit consumption in advance, regardless of assessment type or mode, preventing unexpected large-scale credit usage.
Risk Focus Assessment, previously available only through the web console, is now supported in Takumi API blackbox assessments.
Risk Focus Assessment lets you start with the highest-risk areas, review results, and incrementally expand the assessment scope — all within a credit limit. You can set priorities explicitly or let Takumi prioritize automatically based on risk analysis. When the credit limit is reached, the assessment outputs results up to that point and stops. You can then add more credits and resume where you left off.
This is useful when you want predictable credit consumption or need to prioritize critical areas within a budget.
You can now specify a credit limit when running crawls (blackbox-crawl workflow) via the Takumi API. You can also resume a completed crawl with additional credits to continue where it left off — just like the Additional Crawl feature in the web console.
Takumi's blackbox assessment now supports scoped assessments and retests via the Takumi API. Previously, these capabilities were only available through the web console.
To support these workflows, we've made the following additions to the blackbox assessment API:
blackbox-crawl) that discovers features in the target application without performing any assessmentblackbox-assessment) that let you specify which features and perspectives to assessTakumi's whitebox assessment now supports Risk Focus mode — after feature enumeration, you can configure a credit limit and assessment priority for each feature and perspective to run a Risk Focus assessment.
Takumi Guard for PyPI now applies a 3-day quarantine to newly published packages.
When a new version appears on PyPI, it is held for 72 hours before being made available through Takumi Guard. This gives security analysis systems time to detect malicious packages before they are installed in your projects.
A credit threshold is now required when running Takumi blackbox assessments. The "Risk Focus Assessment" mechanism, previously offered as a separate menu option, is now the standard behavior for all blackbox assessments.
With this change, you can control credit consumption upfront for every blackbox assessment, preventing unexpected credit usage.
Takumi Guard now supports PyPI alongside npm.
Python projects using pip, uv, or poetry can now route installs through Takumi Guard to block known-malicious packages before they reach your CI or development environment.